From owner-freebsd-questions@freebsd.org Tue Oct 13 07:06:22 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F71FA12FF5 for ; Tue, 13 Oct 2015 07:06:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BE351CCD for ; Tue, 13 Oct 2015 07:06:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (liminal.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3636:3bff:fed4:b0d6]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.2/8.15.2) with ESMTPSA id t9D76BSi009267 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Tue, 13 Oct 2015 08:06:12 +0100 (BST) (envelope-from matthew@FreeBSD.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org DKIM-Filter: OpenDKIM Filter v2.10.3 smtp.infracaninophile.co.uk t9D76BSi009267 Authentication-Results: smtp.infracaninophile.co.uk/t9D76BSi009267; dkim=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host liminal.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3636:3bff:fed4:b0d6] claimed to be liminal.local Subject: Re: Are udp packets with non-routeable ip addresses valid on public network? To: freebsd-questions@freebsd.org References: <561BB03D.1060104@gmail.com> <51462673-A972-40A4-A5AF-163834A154CC@elde.net> From: Matthew Seaman X-Enigmail-Draft-Status: N1110 Message-ID: <561CAD63.3040103@FreeBSD.org> Date: Tue, 13 Oct 2015 08:06:11 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <51462673-A972-40A4-A5AF-163834A154CC@elde.net> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="LHaJWvBbhHLoOvqAxEPfFQqReU41CRNeF" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Oct 2015 07:06:22 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LHaJWvBbhHLoOvqAxEPfFQqReU41CRNeF Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 12/10/2015 19:32, Terje Elde wrote: > On 12. okt. 2015, at 15:06, Ernie Luzar wrote: >=20 >>> I am receiving unsolicited inbound udp packets with a "to ip >>> address" [10.0.10.1] of a computer on my LAN. Is this valid? > It shouldn't be routes over the internet to you, but it's pretty > common to use between your ISP and yourself, for things like DHCP. > What are the port-numbers? 67/68 or thereabout? Uh... DHCP usually uses just layer-2 (ie. Ethernet) addressing which is a useful feature in a protocol designed to specify host IP addresses... In those cases where you can't have a DHCP server on the same ethernet segment, there is a specific default IP address range for a client host to fall back to in order to make a layer-3 connection to a DHCP server -- which is the 169.254.0.0/16 link-local address range. See RFC 5735. If his ISP was using 10.0.0.0/8 addresses for their customer-facing network segments, I'm pretty sure the OP would have been told about it and hence not be alarmed at seeing that traffic. Cheers, Matthew --LHaJWvBbhHLoOvqAxEPfFQqReU41CRNeF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQJ8BAEBCgBmBQJWHK1jXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATFgcP/3mNwhXXBy4F048RkxqpRJMH jdVftwe290sF0MLbRNk0U+S8vm7EgxCsrrZ67pP3PydvbT3uenjM8wdBYIm+sHCp oTyN9LDspEIHTAeRYvkXi4+q7YXsupvB2nwLJ+cif6l7Ncgen25lM1rgkFZb0Vb3 in5YjKOLTZouq4OL1M7GAPZl+IuuAiXSU50yn3GxZcMkMFXZJ7bf4JgymLYt+DFg tky3fh43LEEkSz4AAlq5SFvn1lh/ZSTDfkqdGK/1KjQrM6WrsK4PeHmsVJgwQKjd bJOVCp5YnPl+QG7csa7ZyA+dURn393TRbkEfNB+yT7fRUKlwD9gqYbvLusrtKs8i KM1BvLppKpujJxZA+0iu2Q/20dTL/JGO5i8wH/rD8BTwxI9KLxui1l6ex7sdXPXo Ra7bRFT/EZBv0nE0EX417/LIO7hjtdp3SlJn2iX/rUvUoBBNSpVbW4/c9I/j29UV qm6WaxvMYhl6mgWAYbLuXNAaBd1rlRX9noYI9bFPiQHW3iupvrS3FkPPbiBzx0jt yIw8fkY3iSG1JTsfsVngEHmnVhxndERLP4ivzrs9Api17/cvc2osrUA17ue11PaX 9NEu4ihOoZ62qvyHGUniG/6cWUbxUKmA1sCLFNiNmHr/eAbKVfG1AFw8Wa8ZEZqh I7GWgWrpPApdOPetBZB8 =TSQl -----END PGP SIGNATURE----- --LHaJWvBbhHLoOvqAxEPfFQqReU41CRNeF--