On Tue, 23 Nov 1999, Gordon Messmer wrote:

> Since everyone likes to point their fingers toward security, I'll
> say "nu-uh".  If the other machines on the network don't have
> routable IP's, then machines outside of his local network still
> can't get to the machines inside his network,

Bzzt. Thank you for playing, please try again next week.

"non-routable" addresses are non-routable purely through policy at the
boundary routers.

If you put addresses from 192.168.1.0 "on the cable" and your neighbor
does the same, the systems will probably be able to see each other.
There is no guarantee your ISP blocks private IP traffic internally,
and it may not be possible for them to block it on the shared cable.
There's not even any guarantee that they block private-network
addresses at their upstream connection. There have been questions
posted to Usenet about "why am I seeing 10-net traffic coming in from
my ISP?"

If you're going to firewall, do it right and use two NICs and a strong
filter ruleset; otherwise you're just pretending you have a secure
setup. Unfortunately you can't force others to share your delusion.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 [EMAIL PROTECTED]      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
                                    <[EMAIL PROTECTED]>
-----------------------------------------------------------------------
   39 days until the Y2K apocalypse - keep gold & ammo handy!
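
The address checks a two-NIC gateway has to make for itself, since the message above notes that nothing upstream is guaranteed to drop private-network traffic. This is an added example, not part of the original message or written by its author. The interface names, the 192.168.1.0/24 LAN and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed topology (not from the original message): eth0 faces the cable/ISP,
# eth1 faces the LAN, and the LAN is 192.168.1.0/24.
EXTERNAL_IF, INTERNAL_IF = "eth0", "eth1"
LAN = ipaddress.ip_network("192.168.1.0/24")
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr falls in one of the private-network ranges above."""
    return any(addr in net for net in PRIVATE)

def verdict(in_if, src, dst):
    """Return (action, reason) for a packet arriving on interface in_if.

    PASS only means the packet survived the address checks; the rest of
    the ruleset (ports, state) would still apply to it.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_if == EXTERNAL_IF:
        # The gateway enforces the "non-routable" policy itself here.
        if is_private(s):
            return ("DROP", "private source on external interface")
        if is_private(d):
            return ("DROP", "private destination on external interface")
        return ("PASS", "public addresses on external interface")
    if in_if == INTERNAL_IF:
        if s not in LAN:
            return ("DROP", "source outside LAN on internal interface")
        return ("PASS", "LAN source on internal interface")
    return ("DROP", "unknown interface")

# Constructed sample packets: (interface, source, destination).
SAMPLES = [
    ("eth0", "192.168.1.50", "192.168.1.10"),  # neighbor using the same range
    ("eth0", "10.4.4.4", "203.0.113.7"),       # 10-net traffic from upstream
    ("eth0", "198.51.100.9", "203.0.113.7"),   # ordinary public traffic
    ("eth1", "192.168.1.10", "198.51.100.9"),  # LAN host going out
    ("eth1", "172.16.0.5", "198.51.100.9"),    # wrong source on the LAN side
]

def run(samples=SAMPLES):
    """Evaluate every sample and return (packet, (action, reason)) pairs."""
    return [(pkt, verdict(*pkt)) for pkt in samples]

if __name__ == "__main__":
    for pkt, (action, reason) in run():
        print(f"{action:5} {pkt[0]} {pkt[1]} -> {pkt[2]}  ({reason})")
```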

