On Friday 2010-10-08 06:40, Payam Chychi wrote:
> That's correct Scott,
> in order for any systems to abuse your setup they will need to be directly
> connected to a segment that has knowledge of a valid route to the end system...
> meaning if a computer is 2 hops away and the router in between has no knowledge
> of how to get to your private rfc1918 then pkts get dropped.
>
> Keep in mind that as IPv4 exhaustion gets extreme, some ISPs will use rfc1918
> blocks and route them either in their IGP or even EGP (aka internet routes)...

Internally yes, but externally no. And it's not really RFC1918 routes
being "used in the Internet" - instead, it is "enlarging our NAT domain".
(Mobile UMTS/HSDPA providers do this in Germany already.)