Date: Mon, 12 Nov 2001 13:43:17 -0800
From: Greg White <gregw-freebsd-security@greg.cex.ca>
To: security@freebsd.org
Subject: Re: Filtering packets based on incoming address [ack. plaintext now]
Message-ID: <20011112134317.A46767@greg.cex.ca>
In-Reply-To: <001201c16b82$4da9d1e0$9700a8c0@ezri>; from wade@ezri.org on Mon, Nov 12, 2001 at 08:59:47AM -0500
References: <001201c16b82$4da9d1e0$9700a8c0@ezri>

On Mon Nov 11/12/01, 2001 at 08:59:47AM -0500, Wade Majors wrote:
> Should I even worry about this since my network is using private IPs?

Since most ISPs do absolutely no filtering of RFC1918 addresses anywhere,
you positively _must_ do this. Try the following:

1. Remove the 'spoof' rules for RFC1918 addresses (temporarily).
2. Get to a host on an outside network.
3. On that host, "route add -net 192.168.0.0/24 ip.of.gate.way", where
   the 192.168.0.0 matches your internal network, and 'ip.of.gate.way'
   matches your host's external interface.
4. Sit back and enjoy unfettered access to all those internal hosts.

'Private' addresses are only private if all the routers on the internet
refuse to route them. Most do not. :(

-- 
Greg White
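
The 'spoof' rules that step 1 removes, written out as ipfw commands. This is an added example, not part of the original message; the interface name fxp0, the rule numbers and the helper name rfc1918_rules are assumptions, and the commands are only printed unless FWCMD is set.

```shell
#!/bin/sh
# Added example: ipfw rules that drop RFC1918 traffic arriving on the
# external interface, in both directions of the address pair.
# Assumed names: external interface (default fxp0), starting rule number.
# Dry run by default; set FWCMD="ipfw -q" to install the rules for real.

FWCMD="${FWCMD:-echo ipfw -q}"
RFC1918_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# rfc1918_rules <external-if> [start-rule]
rfc1918_rules() {
    oif="$1"
    rule="${2:-200}"
    if [ -z "$oif" ]; then
        echo "usage: rfc1918_rules <external-if> [start-rule]" >&2
        return 1
    fi
    for net in $RFC1918_NETS; do
        # Destination check: an outside host that has added a route to the
        # internal network via this gateway sends packets addressed to a
        # private network. They must never be accepted from outside.
        # Keep these rules before any natd divert rule, because after
        # translation legitimate inbound replies carry internal destinations.
        $FWCMD add "$rule" deny log all from any to "$net" in via "$oif"
        rule=$((rule + 10))
        # Source check: a packet arriving from outside that claims a
        # private source address is spoofed or misrouted.
        $FWCMD add "$rule" deny log all from "$net" to any in via "$oif"
        rule=$((rule + 10))
    done
}

# Print the rule set for the assumed external interface.
rfc1918_rules "${1:-fxp0}"
```
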