Penetration Testing mailing list archives
Re: [PEN-TEST] advertising private IP numbers?
From: Bennett Todd <bet () RAHUL NET>
Date: Fri, 22 Dec 2000 11:16:36 -0500
2000-12-22-10:51:20 Joe Shaw:
> It's considered in bad form to advertise rfc1918 space, and any network person will be laughed at for doing so.

Advertise routes to, absolutely. More than laughed at, even. Shunned.

> However, you will sometimes find RFC1918 space used for interconnections between routers, like what you saw in your traceroute.

I'm fond of doing it myself.

> This is generally not considered best practice if you want things like Path-MTU discovery to work.

Path Maximum-Transmit-Unit Discovery (PMTU-D) is important in today's internet, breaking it is Very Nasty, it causes obscure and hard-to-reproduce occasional failures, which are consistent for some unfortunate few. Really nasty. However, use of RFC 1918 addrs in this fashion does not break PMTU-D unless a router using an RFC1918 link addr has interfaces with different MTUs attached to it; if you follow a strict rule of never assigning an RFC 1918 addr to an interface on a router that has interfaces with different MTUs, I _believe_ you'll never ever break PMTU-D with the RFC 1918 link addrs trick.

The other thing to do is to simply block RFC 1918 addrs at your borders, so that other people tracerouting your net won't see the RFC 1918 addrs in their traceroutes, post 'em to nanog, and laugh at you :-). Let 'em hang waiting for a timeout as they get no answers from the intermediate routers that have RFC1918 link addrs.

-Bennett
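
The addressing rule stated in the message above, as an added example that is not part of the original post: a Python audit that flags any router whose interfaces have differing MTUs and that also carries an RFC 1918 address. The inventory format, router names, interface names and addresses are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr (an IPv4 string) falls inside an RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(inventory):
    """Return {router: [(ifname, addr), ...]} for routers breaking the rule.

    inventory maps a router name to a list of (ifname, address, mtu).
    A router is flagged when its interfaces do not all share one MTU
    (so it may have to emit ICMP "fragmentation needed" messages) and
    at least one of its interfaces has an RFC 1918 address.
    """
    findings = {}
    for router, ifaces in inventory.items():
        mtus = {mtu for _, _, mtu in ifaces}
        if len(mtus) < 2:
            continue  # uniform MTU: the rule holds whatever the addressing
        private = [(name, addr) for name, addr, _ in ifaces
                   if is_rfc1918(addr)]
        if private:
            findings[router] = private
    return findings


# Constructed sample inventory (hypothetical routers and addresses).
SAMPLE = {
    "core1": [("ge0", "10.255.0.1", 1500), ("ge1", "10.255.0.5", 1500)],
    "edge1": [("ge0", "10.255.0.2", 1500), ("tun0", "198.51.100.1", 1476)],
    "edge2": [("ge0", "203.0.113.9", 1500), ("atm0", "203.0.113.13", 4470)],
    # 172.32.0.1 sits just outside 172.16.0.0/12, so it is not RFC 1918.
    "agg1": [("ge0", "172.32.0.1", 1500), ("pos0", "192.0.2.1", 4470)],
}

if __name__ == "__main__":
    for router, ifaces in audit(SAMPLE).items():
        for name, addr in ifaces:
            print(f"{router}: {name} {addr} is RFC 1918 on a mixed-MTU router")
```
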