[H-GEN] Network Nasties

[Bruce Campbell]

[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

On Tue, 29 Feb 2000, Everist, Geoff wrote:

everis> We have been filtering some wierd packets on our permanent modem (ppp)
everis> connections to our ISP (who shall remain nameless). We have two separate

everis> Shouldn't these source addresses be rejected by the ISP routers? If they are
everis> not then I guess the other conclusion is that they are originating from
everis> inside the ISP's network. I am very sure that they are not coming from our
everis> internal network. I have sent the logs to the ISP security people, but it is
everis> too early to expect a response at this stage.

It is a good idea (tm) for ISPs to prevent RFC1918 addresses from leaving
or entering their network, but this requires clue on the ISPs part.  One
way to see if they are filtering is to traceroute to the IPs which are
trying to connect. (possibly another customer)

everis> Number two is that we keep getting route connection attempts from the ISP
everis> end of another ppp link, vis:

everis> Is it possible the there is a router/terminal server configuration problem
everis> here? We have contacted our ISP technical people about it, but it all seems
everis> to go to /dev/null.

This depends on what you are dialed into.  If you are receiving
RIP(v2) route broadcasts, and you are dialing into a misconfigured modem
bank, then you are seeing  what should only be sent by the modem bank to
the rest of the ISP, not you.

I've only seen one piece of equipment which you cannot turn this behaviour
off, so tell your ISP to read their documentation on the modem bank
(I think your nameless ISP uses Bay Networks gear, but am not sure)

--==--
Bruce.


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.