You're right, almost all ISP's filter RFC 1918 addresses at their ingress routers. I have seen some of those address's floating around inside of some AS's but only rarely... Chris Kirschke Chief Guru Astreya Partners, Inc chris@astreya.com 408-790-5900 xt 531 -----Original Message----- From: Hugo [mailto:cpfwlsts@hotmail.com] Sent: Sunday, June 09, 2002 7:49 AM To: Firewalls@lists.gnac.net Subject: ip routing I confiugured firewall (CP 4.1) not to control ip routing, meaning when firewall is dropped then it is still routing thwe packets. Frewall protexts hosts that have public ip range, LAN and DMZ. Let's say firewall service crashes but machine still works and can route the packets, so my networks (10.0.0.0/16 and 192.168.99.0/24) are exposed. Question: I think that even if fw service is down then nothing will happen cause you cannot attack hosts with illegeal ip addresses-they simply won't be routed back to attacker....but maybe I'm wrong here...I would like to have some feedback on this. Thanks. _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
BEGIN:VCARD VERSION:2.1 N:Kirschke;Chris FN:Chris Kirschke EMAIL;PREF;INTERNET:Chris@astreya.com REV:20020524T003311Z END:VCARD