Packets from 10.0.0.0/24

Bruno Wolff III wrote:
> While it is possible you are receiving packets that claim to come from
> 10.*.*.* addresses, most likely the source is local to your network.

Tim wrote:
> Or, perhaps, internal to your ISP.  To get an attempt from an address
> like that, it'd have to be on one side or the other of your connection,
> no further away.

Actually, that isn’t necessarily true.

If you can put packets on the Internet coming *from* a 10.*.*.* address
and going *to* a routable address, they’ll probably get through fine.
There’s no way of responding to them, of course, so you can’t do TCP/IP
connections.

One legitimate case where this can happen is if an ISP uses 10.*.*.*
addresses for internal routing:
    internet <---> gateway router <---> internal router <---> computers
       public addresses         10.*.*.*          public addresses

(Note there’s absolutely no NAT in this scenario. All packets retain the
same publicly routable source and destination IP addresses right across
the network.)

Custom routes on the gateway and internal routers make this Just Work in
exactly the same way as it would if the ISP had used public addresses.
Normally, no-one will notice in the slightest, but if you traceroute a
computer on this network, you should receive responses from the 10.*.*.*
address of the internal router.

Of course, the internal router can’t make its own TCP/IP connections to
the Internet, but you wouldn’t want it to anyway.

It’s possible for other ISPs to drop these packets, of course, but most
(?) don’t for three reasons (at least for packets that haven’t come from
their own network):
 * there are legitimate reasons why an Internet connection might have
   very different outbound and return routes (especially where you have
   asymmetric costs or bandwidth), and breaking those connections will
   cost the ISP in support calls,

 * that means you can already send packets across the Internet with fake
   sender IP addresses: blocking a few of them doesn’t exactly stop
   trouble,

 * it means extra work for their engineers and routers.

Hope this helps,

James.

-- 
E-mail:     james@ | … you don’t know who else your internet partner is
aprilcottage.co.uk | chatting with.  There’s nothing worse than a Turing
                   | Test coming back positive for chlamydia.
                   |     – http://blag.xkcd.com/2009/09/05/
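
A log-triage sketch for the situation discussed in this thread, added here as an example and not part of the original message: it flags packets that arrive on the outside interface with an RFC 1918 source and separates router-generated ICMP errors (the traceroute case described above) from everything else. The interface name `eth0`, the verdict strings, and the sample lines are assumptions constructed for illustration; the lines imitate the KEY=VALUE style of netfilter LOG output.

```python
import ipaddress
import re

# RFC 1918 private ranges; the thread is about 10.0.0.0/8 specifically.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# ICMP error types a router sends from its own interface address
# (3 = destination unreachable, 11 = time exceeded, as seen in traceroute).
ROUTER_ICMP_TYPES = {3, 11}
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines (documentation addresses used for public hosts).
SAMPLE_LOG = [
    "IN=eth0 OUT= SRC=10.12.0.1 DST=203.0.113.7 LEN=56 PROTO=ICMP TYPE=11 CODE=0",
    "IN=eth0 OUT= SRC=10.0.0.23 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN",
    "IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51000 DPT=443 SYN",
    "IN=eth1 OUT= SRC=10.0.0.5 DST=203.0.113.7 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
]

def classify(line, wan_if="eth0"):
    """Verdict for one log line; None unless it is a private source on the WAN side."""
    f = dict(FIELD.findall(line))
    if f.get("IN") != wan_if:
        return None  # arrived on an inside interface: private sources are expected
    try:
        src = ipaddress.ip_address(f.get("SRC", ""))
    except ValueError:
        return None  # missing or malformed SRC field
    if not any(src in net for net in RFC1918):
        return None
    if (f.get("PROTO") == "ICMP" and f.get("TYPE", "").isdigit()
            and int(f["TYPE"]) in ROUTER_ICMP_TYPES):
        # Consistent with a privately numbered internal router answering a probe.
        return "router-icmp"
    # No reply can be routed back over the Internet, so the sender is either
    # near this end of the link or the source address is forged.
    return "unreplyable-source"

def triage(lines, wan_if="eth0"):
    """Return (source address, verdict) for every flagged line."""
    flagged = []
    for line in lines:
        verdict = classify(line, wan_if)
        if verdict:
            flagged.append((dict(FIELD.findall(line))["SRC"], verdict))
    return flagged

if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG):
        print(src, verdict)
```
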