Re: [fw-wiz] Duplicate Public IP Addresses?



So the short answer is that the real owner of the 80.X.X.X ISP advertises the route, and you don't. So it would only affect your users local to your network, in which case they would go to your local 80.X.X.X address over the one on the internet someplace (assuming you're advertising the 80.X.X.X subnet on your network).

Very few people would need to use more space than listed in RFC 1918 and RFC 3330 before using other random IP addresses. If one still needs more than what these RFCs offer, then choose one that is unlikely to be on the common internet, or services that your local users don't use, like one of the DoD networks. But of course these can only be used internally; publicly you will need addresses assigned to you from ARIN, or re-assigned from your ISP.

-Steve

--------------------------------------------------
From: "arvind doraiswamy" <arvind.doraiswamy@xxxxxxxxx>
Sent: Friday, January 01, 2010 7:10 AM
To: "Firewall Wizards Security Mailing List" <firewall-wizards@xxxxxxxxxxxxxxxxxxxxx>
Subject: [fw-wiz] Duplicate Public IP Addresses?

Hey Guys,
Maybe this is a bit of a basic question but I thought I'd ask here all
the same. Please let me know if this is too Non Firewall to be posted
:)

Over the years a lot of clients have used Public IP addresses on an
Internal network. So there's whole internal ranges with 80.x.x.x. Now
almost all of those systems do not have publicly reachable services at
all. Let's also assume that there is some website somewhere which has
the 80.x.x.x IP address assigned to it and people DO visit it and use
its "services". All ok so far.

What though if the internal network suddenly decided to make one of
his systems a web server, put a site onto it and pushed it on to the
Internet with the same 80.x.x.x address that was assigned to the
server when it was part of the Internal Network? Effectively it means
that now 2 servers, the original web server (A) and the new web
server (B), both have an IP of 80.x.x.x (SAME).

Now I haven't done this practically and checked what will happen, but
I have a few questions in mind.

a) What happens to all the traffic going to A? Does it still go there
or do clients of A get redirected to B?
b) What about B wrt Question a) ?
c) What about DNS servers everywhere? What IP addresses will they
cache and how will they ensure that people are "routed" correctly?
d) Isn't this a very easy DOS condition? Anyone just changes IP,
registers with their own DNS and sits back and waits?

Am I missing something? It just seems too easy to do... so I thought I'd
post here and get educated :)

Thnx
Arvind
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
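
Added example, not part of the original thread: a small audit of an internal routing table that flags prefixes outside RFC 1918 and a subset of the RFC 3330 special-use blocks, and uses longest-prefix match to show where local users' traffic to such a prefix actually goes. The routing table, the next-hop names and the 80.10.0.0/16 prefix (standing in for the thread's 80.x.x.x range) are constructed sample values.

```python
import ipaddress

# RFC 1918 private blocks plus a subset of the RFC 3330 special-use blocks.
RESERVED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "169.254.0.0/16", "192.0.2.0/24", "198.18.0.0/15",  # RFC 3330 (subset)
)]

# Constructed sample routing table of an internal router: (prefix, next hop).
# 80.10.0.0/16 stands in for the thread's 80.x.x.x internal range.
ROUTES = [
    ("0.0.0.0/0", "isp-uplink"),
    ("10.20.0.0/16", "core-switch"),
    ("80.10.0.0/16", "core-switch"),
]

def squatted(prefixes):
    """Return the prefixes that lie outside every reserved block."""
    out = []
    for p in prefixes:
        net = ipaddress.ip_network(p)
        # Skip the default route; it is not an internal address assignment.
        if net.prefixlen > 0 and not any(net.subnet_of(r) for r in RESERVED):
            out.append(p)
    return out

def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def audit(routes=ROUTES):
    """Map each squatted internal prefix to where its traffic really goes."""
    return {p: next_hop(str(ipaddress.ip_network(p)[1]), routes)
            for p in squatted(p for p, _ in routes)}

if __name__ == "__main__":
    for prefix, hop in audit().items():
        print(f"{prefix}: public space used internally; local users reach "
              f"{hop}, not the Internet owner of that range")
```
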
