[H-GEN] Network Nasties

Everist, Geoff everistg at switch.aust.com
Thu Mar 2 00:20:59 EST 2000 

[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

[snip]

> 
> [ Humbug *General* list - semi-serious discussions about Humbug and ]
> [ Unix-related topics.  Please observe the list's charter.          ]
> 
> On Tue, 29 Feb 2000, Everist, Geoff wrote:
> 
> everis> We have been filtering some wierd packets on our 
> permanent modem (ppp)
> everis> connections to our ISP (who shall remain nameless). 
> We have two separate
> 
> everis> Shouldn't these source addresses be rejected by the 
> ISP routers? If they are
> everis> not then I guess the other conclusion is that they 
> are originating from
> everis> inside the ISP's network. I am very sure that they 
> are not coming from our
> everis> internal network. I have sent the logs to the ISP 
> security people, but it is
> everis> too early to expect a response at this stage.
> 
> It is a good idea (tm) for ISPs to prevent RFC1918 addresses 
> from leaving
> or entering their network, but this requires clue on the ISPs 
> part.  One
> way to see if they are filtering is to traceroute to the IPs which are
> trying to connect. (possibly another customer)
> 

[snip]
Well, tried the traceroute and it was duely routed through about half a
dozen routers on their network. Sent the results to tech support, and was
told that in a previous incarnation they offered a VPN service and this is
why the private addresses where being routed. This does not sound like a
particularly credible explanation to me (but at least I got some sort of
answer, which is a start). I would have thought most (if not all) VPNs would
encapsulate packets with private addresses. There would be no reason for any
of the routers in the network (except maybe the terminal points of the VPN)
to route private addresses. Otherwise it would be a PN, not a VPN. I am no
networking expert, so is this a reasonable assumption?

Regards
Geoff Everist

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.

More information about the General mailing list