Newbie question on private IP classes

From: Joost R. Meerten (JoostMeerten_at_SPAMMENOT.gmx.net)
Date: 09/29/04


Date: Wed, 29 Sep 2004 10:54:23 +0200

I'm a n00b to firewalling (and advanced networking, really), and while
educating myself, I stumbled on a question.

Suppose I use NAT on a C class private LAN. As is my understanding, this
means your local computers have IP addresses matching netmask
192.168.255.255, and your router maps these to IP addresses on a public
net -- and vice versa.

Let's also suppose the firewall is a dedicated box sans input or output
devices, and I set up sshd to remotely configure it. Now, obviously, I don't
want the outside world to even try an ssh connection to my firewall, so I
could tell it to drop and log anything addressed to the wall but coming from
the outside -- i.e., not matching 192.168.255.255.

My question is this: can such addresses be spoofed? Could someone on the
outside just send packets pretending to come from the local net, and is
there any way to detect this? I'm thinking that if such packets go through
any gateway, the gateway should just reroute them to a net local to the
potential attacker, if not outright drop them -- right? But if the attacker
is on the same net as my wall (though not in my private LAN), what then?
TIA.

J.
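
The filtering idea in the question, as an added example that is not part of the original post: a LAN source address is trusted only when the packet also arrives on the LAN-facing interface, so a packet claiming a LAN source but arriving on the outside interface is dropped and logged. The interface names (eth0, eth1), the LAN prefix 192.168.1.0/24 and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the post): interface names and the LAN prefix.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_IF, WAN_IF = "eth1", "eth0"
SSH_PORT = 22

# Source ranges that should never show up on the outside interface.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def filter_input(in_if, src, dport):
    """Return (verdict, reason) for a TCP packet addressed to the firewall itself."""
    src = ipaddress.ip_address(src)
    if in_if == WAN_IF:
        # Anti-spoofing: decide on the arrival interface, not on the address alone.
        if any(src in net for net in BOGON_SOURCES):
            return ("DROP+LOG", "private/loopback source on outside interface")
        if dport == SSH_PORT:
            return ("DROP+LOG", "ssh from outside")
        return ("DROP", "default deny")
    if in_if == LAN_IF:
        if src not in LAN_NET:
            return ("DROP+LOG", "source not in LAN prefix")
        if dport == SSH_PORT:
            return ("ACCEPT", "ssh from LAN")
        return ("DROP", "default deny")
    return ("DROP", "unknown interface")


# Constructed sample packets: (arrival interface, source address, destination port)
SAMPLES = [
    ("eth1", "192.168.1.10", 22),   # genuine LAN host
    ("eth0", "192.168.1.10", 22),   # LAN address seen on the outside: spoofed
    ("eth0", "203.0.113.7", 22),    # ordinary outside host
    ("eth1", "10.0.0.5", 22),       # inside interface, but not our prefix
]


def run_samples():
    """Verdicts for the constructed packets, in order."""
    return [filter_input(*pkt)[0] for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_input(*pkt))
```

The second sample is the case the question asks about: the source address matches the LAN, but the arrival interface gives it away.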


