Penetration Testing mailing list archives
Re: [PEN-TEST] advertising private IP numbers?
From: Joe Shaw <jshaw () INSYNC NET>
Date: Fri, 22 Dec 2000 09:51:20 -0600
On Thu, 21 Dec 2000 securitygeek () HUSHMAIL COM wrote:
Below is part of traceroute that I grabbed... Is it normal to advertise non-routable/internal IP's like this? If it isn't, what mischief can be made easier to accomplish when this is done?

18 80 ms 100 ms 80 ms bb1-pos3-0-0.rdc1.va.home.net [24.7.73.110]
19 100 ms 140 ms 110 ms x.x.x.home.net [24.x.x.x]
20 81 ms 90 ms 150 ms 10.252.60.6
21 331 ms 320 ms 411 ms 192.168.0.98
22 190 ms 160 ms 90 ms x.x.x.253
23 150 ms 191 ms 140 ms x.x.x.10
It's considered in bad form to advertise rfc1918 space, and any network person will be laughed at for doing so. However, you will sometimes find RFC1918 space used for interconnections between routers, like what you saw in your traceroute. This is generally not considered best practice if you want things like Path-MTU discovery to work. Using RFC1918 space in this capacity and actually advertising RFC1918 space are not necessarily the same thing.

--
Joseph W. Shaw Sr. Network Security Specialist for Big Company not to be named.
I have public opinions, and they have public relations.
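As an added example, not part of the original post: a Python sketch that parses Windows-style tracert output and reports which hops answer from one of the three RFC1918 blocks, the router-interconnect case the reply describes. The sample trace is constructed from the hops quoted in the thread, and the function names are illustrative.

```python
import ipaddress
import re

# The three private blocks defined by RFC 1918 (deliberately not
# ipaddress.is_private, which also covers loopback, link-local, etc.).
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# tracert hop line: hop number, three RTT columns ("80 ms", "<1 ms" or "*"),
# then either "hostname [address]" or a bare address.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

# Constructed sample based on the hops quoted in the thread; addresses the
# poster masked with "x" are kept masked.
SAMPLE = """\
 18    80 ms   100 ms    80 ms  bb1-pos3-0-0.rdc1.va.home.net [24.7.73.110]
 19   100 ms   140 ms   110 ms  x.x.x.home.net [24.x.x.x]
 20    81 ms    90 ms   150 ms  10.252.60.6
 21   331 ms   320 ms   411 ms  192.168.0.98
 22   190 ms   160 ms    90 ms  x.x.x.253
"""

def rfc1918_block(addr_text):
    """Return the RFC 1918 block containing addr_text, or None.
    Masked or malformed addresses return None rather than raising."""
    try:
        addr = ipaddress.IPv4Address(addr_text)
    except ipaddress.AddressValueError:
        return None
    return next((str(b) for b in RFC1918_BLOCKS if addr in b), None)

def private_hops(trace_text):
    """Return (hop_number, address, block) for hops answering from RFC 1918 space."""
    found = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        target = m.group(3)
        bracketed = re.search(r"\[([^\]]+)\]", target)
        addr = bracketed.group(1) if bracketed else target
        block = rfc1918_block(addr)
        if block:
            found.append((int(m.group(1)), addr, block))
    return found

if __name__ == "__main__":
    for hop, addr, block in private_hops(SAMPLE):
        print(f"hop {hop}: {addr} is in {block}")
```

Hops flagged this way are routers sourcing their replies from private addresses; that alone does not show the prefixes are being advertised in routing, which is the distinction the reply draws.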