Strange things which should never happen (was Re: RFC 1918)
In article <Pine.BSF.4.21.0007141956280.95155-100000@overlord.e-gerbil.net>, "Richard A. Steenbergen" <ras@e-gerbil.net> wrote:
> I still have not seen a single compelling argument which says you gain one bit more security by filtering RFC1918-source'd packets. It is useless at best, and disruptive at worst.

I don't know my TCP/IP stack well enough, but what happens when a host with multiple interfaces, one of which is assigned an RFC1918 address, receives a packet through another interface with a source address the same RFC1918 address? Are the stacks smart enough to realize the packet is really an external packet, or will they assume the packet came from inside?
At 10:14 PM 7/14/00 -0700, Sean Donelan wrote:
> I don't know my TCP/IP stack well enough, but what happens when a host with multiple interfaces, one of which is assigned an RFC1918 address, receives a packet through another interface with a source address the same RFC1918 address? Are the stacks smart enough to realize the packet is really an external packet, or will they assume the packet came from inside?

Nope - at least none of the ones I have seen. Strictly speaking, the host *should* not care from which interface a packet is received unless you have some type of firewall/filtering rule-set installed.

TTFN,
patrick
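The scenario discussed above, as an added example that is not part of the original thread: a simplified model of a dual-homed host that compares accepting packets with no ingress check against a strict reverse-path filter rule. The interface names, addresses and routing table are constructed for illustration and do not describe any particular TCP/IP stack.

```python
import ipaddress

# Constructed routing table for a hypothetical dual-homed host:
# eth0 faces the outside, eth1 sits on an RFC 1918 LAN.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("10.1.1.0/24", "eth1"),
]
# Constructed local addresses, one per interface.
LOCAL_ADDRS = {"eth0": "192.0.2.10", "eth1": "10.1.1.1"}


def route_iface(addr, routes=ROUTES):
    """Longest-prefix match: the interface used to send traffic to addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def accept(src, in_iface, mode="none"):
    """Decide whether a packet from src arriving on in_iface is accepted.

    mode "none":   no ingress check; the arrival interface is ignored.
    mode "strict": filter rule; drop if src is one of the host's own
                   addresses, or if the route back to src does not leave
                   through the interface the packet arrived on.
    """
    if mode == "none":
        return True
    if src in LOCAL_ADDRS.values():
        return False
    return route_iface(src) == in_iface


# Constructed sample packets: (source address, arrival interface).
PACKETS = [
    ("10.1.1.1", "eth0"),      # host's own RFC 1918 address, from outside
    ("10.1.1.50", "eth0"),     # LAN address, but arriving from outside
    ("10.1.1.50", "eth1"),     # LAN address arriving on the LAN side
    ("198.51.100.7", "eth0"),  # outside address arriving from outside
]

if __name__ == "__main__":
    for src, iface in PACKETS:
        print(src, iface, accept(src, iface, "none"), accept(src, iface, "strict"))
```
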
participants (2)
- Patrick W. Gilmore
- Sean Donelan