Firewalls (September 1996)
To me, it's a leak. ANYTHING sourced from the private address space in RFC 1918 on the 'outside' is a leak. You can read more about it here: http://compute.merit.edu/help.html

A Cisco example provided by Paul Vixie on compute.merit.edu to 'help' block these addresses among others:

access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 deny ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any

Charles

At 01:12 AM 9/8/96 EDT, Barney Wolff wrote:
>I believe that this is not a leak, but simply somebody using the private
>space for network infrastructure. On the one hand, this has the major
>advantage that outsiders cannot attack your routers. On the other, either
>you must suppress the ICMP TTL-exceeded packets from those routers,
>resulting in a false appearance of an outage in your network, or allow
>them out, with the result that outsiders send queries to the firewalls
>list :-)
>
>I tend to favor the idea, although I have not actually done it.
>
>Barney Wolff <barney @ databus . com>
>
>> Date: Sat, 07 Sep 1996 19:38:13 -0500
>> To: Felber @ abacus . ch (Hubert Felber), firewalls @ GreatCircle . COM
>> From: Charles Ragan <ragan @ INS . COM>
>> Subject: Re: curious traceroute
>> Cc: bridge @ DIAL-SWITCH . CH
>> Content-Length: 2661
>>
>> It appears that someone is leaking. Consistency in yours and mine is:
>>
>> Tracing route to 194.209.14.36 over a maximum of 30 hops
>>
>>  11   464 ms   333 ms   334 ms  UBN-gw5.ALTER.NET [137.39.129.26]
>>  12   357 ms   342 ms   330 ms  zh11-eth0.unisource.ch [164.128.44.37]
>>  13   442 ms   369 ms   438 ms  164.128.41.70
>>  14   440 ms     *      396 ms  164.128.45.35
>>  15   362 ms   368 ms   471 ms  192.168.1.1
>>  16   479 ms   395 ms   374 ms  10.0.1.58
>>  17  192.168.2.42  reports: Destination host unreachable.
>>
>> Unisource Business Networks (Schweiz) AG (NET-UBN-CH)
>>    Schermenwaldstrasse 13
>>    CH-3063 Ittigen
>>
>>    Netname: UBN-CH
>>    Netnumber: 164.128.0.0
>>
>>    Coordinator:
>>       Bridge, Philip  (PB334)  bridge @ DIAL-SWITCH . CH
>>       +41 31 688 8262 (FAX) +41 31 688 8152
>>
>>    Domain System inverse mapping provided by:
>>
>>    UBNSRV.UNISOURCE.CH          164.128.36.34
>>    SCSNMS.SWITCH.CH             130.59.1.30
>>
>>    Record last updated on 13-Jun-95.
>>
>> At 09:30 AM 9/6/96 GMT, Hubert Felber wrote:
>> > Hi,
>> > Can anyone explain the following traceroute to me?
>> > 1. question: the last 3 addresses are private internet addresses. Why
>> > do I see them on the list?
>> > 2. Why is the station 194.209.14.36 not in the list?
>> >
>> > Tracing the route to 194.209.14.36
>> >
>> >   1 SWISG1-S4.SWITCH.CH (130.59.195.2) 16 msec 16 msec 12 msec
>> >   2 SWIEZ7-S5-3.SWITCH.CH (130.59.32.2) 20 msec 20 msec 20 msec
>> >   3 SWIEG1-F0-0.SWITCH.CH (130.59.20.211) 16 msec 16 msec 20 msec
>> >   4 ZH00-SRL0.UNISOURCE.CH (193.246.104.130) 24 msec 28 msec 20 msec
>> >   5 ZH21-ETH0.UNISOURCE.CH (164.128.44.38) 20 msec
>> >     ZH11-ETH0.UNISOURCE.CH (164.128.44.37) 20 msec
>> >     ZH21-ETH0.UNISOURCE.CH (164.128.44.38) 20 msec
>> >   6 164.128.41.66 36 msec 32 msec
>> >     164.128.41.70 64 msec
>> >   7 164.128.45.35 32 msec * 64 msec
>> >   8 192.168.1.1 36 msec 32 msec 68 msec
>> >   9 10.0.1.58 128 msec 116 msec 76 msec
>> >  10 192.168.2.42 !H !H !H
>> >---
>> >Hubert Felber (felber @ abacus . ch)
>> >ABACUS Research AG
>> >9006 St. Gallen, Switzerland
>> >Phone +41 71 243 35 11
>> >Fax   +41 71 243 35 00
>> >
>>

-----------------------------------------------------
Charles B. Ragan, Jr.                International Network Services
(214) 392-3545                       14160 Dallas Parkway Suite 200
Charles_Ragan @ ins . com            Dallas, TX 75040
Cisco Certified IE (CCIE)            Text Page - 1-800-INS-1-INS
Master CNE                           Direct Page - 1-888-360-5812
Microsoft SE
Certified Banyan Engineer            "Semper Fi" - USMC Retired
-----------------------------------------------------
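An added example, not code from the thread or from the Merit page it links to: a small Python checker that does from the outside what the quoted access-list does on the router. It scans traceroute output for hop addresses that fall inside the source blocks the access-list denies (the prefix list below is transcribed from the source side of those lines), reports each one as a leak, and shows how a CIDR prefix maps onto the network/wildcard-mask pair IOS access-lists use. The function names and the single-clause `render_source_deny` form are my own; the quoted list also constrains the destination side, which this helper deliberately does not reproduce. The sample input is the tracert hop listing from Charles's message.

```python
import ipaddress
import re

# Source blocks denied by the access-list quoted in the thread, as CIDR
# (transcribed from the source/wildcard columns of each "deny" line).
DENIED_SOURCE_PREFIXES = [
    "0.0.0.0/32", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "192.0.2.0/24", "128.0.0.0/16", "191.255.0.0/16",
    "192.0.0.0/24", "223.255.255.0/24", "224.0.0.0/3",
]
DENIED_NETWORKS = [ipaddress.ip_network(p) for p in DENIED_SOURCE_PREFIXES]

# Dotted-quad matcher; it also matches malformed quads like 300.1.1.1,
# which classify_address() rejects below.
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def classify_address(addr):
    """Return the denied prefix containing addr, or None if it is not denied."""
    ip = ipaddress.ip_address(addr)
    for net in DENIED_NETWORKS:
        if ip in net:
            return str(net)
    return None


def find_leaks(traceroute_text):
    """Scan traceroute output in any format that prints dotted quads and
    return (hop_line, address, denied_prefix) for each denied address seen."""
    leaks = []
    for line in traceroute_text.splitlines():
        for addr in IPV4_RE.findall(line):
            try:
                prefix = classify_address(addr)
            except ValueError:        # not a valid IPv4 address after all
                continue
            if prefix is not None:
                leaks.append((line.strip(), addr, prefix))
    return leaks


def cisco_wildcard(cidr):
    """Express a CIDR prefix as the (network, wildcard-mask) pair IOS uses;
    the wildcard is the inverted netmask, i.e. the host mask."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.hostmask)


def render_source_deny(acl_number, cidr):
    """Render one source-only deny line (hypothetical helper, my own form).
    A /32 is written with the 'host' keyword, as the quoted list does."""
    network, wildcard = cisco_wildcard(cidr)
    if ipaddress.ip_network(cidr).prefixlen == 32:
        return f"access-list {acl_number} deny ip host {network} any"
    return f"access-list {acl_number} deny ip {network} {wildcard} any"


# Hop listing from the tracert quoted in the thread.
SAMPLE_TRACERT = """\
Tracing route to 194.209.14.36 over a maximum of 30 hops
 11   464 ms   333 ms   334 ms  UBN-gw5.ALTER.NET [137.39.129.26]
 12   357 ms   342 ms   330 ms  zh11-eth0.unisource.ch [164.128.44.37]
 13   442 ms   369 ms   438 ms  164.128.41.70
 14   440 ms     *      396 ms  164.128.45.35
 15   362 ms   368 ms   471 ms  192.168.1.1
 16   479 ms   395 ms   374 ms  10.0.1.58
 17  192.168.2.42  reports: Destination host unreachable.
"""

if __name__ == "__main__":
    for line, addr, prefix in find_leaks(SAMPLE_TRACERT):
        print(f"leak: {addr} is inside {prefix}  <- {line}")
    for cidr in DENIED_SOURCE_PREFIXES:
        print(render_source_deny(100, cidr))
```

Run against the sample, the three hops that caused the original question (192.168.1.1, 10.0.1.58 and 192.168.2.42) are reported, and the 164.128.0.0 and 137.39.0.0 hops pass. The same function can be pointed at a saved traceroute or at router syslog lines, which makes it a quick way to confirm whether a filter like the one quoted is actually in place on a path.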