Re: Newbie question on private IP classes
From: Don Kelloway (dkelloway_at_commodon.com)
Date: 09/30/04
- Next message: Kerodo: "Re: Stealth vs Closed ports and firewalls"
- Previous message: Don Kelloway: "Re: Security question - please advise!"
- In reply to: Joost R. Meerten: "Newbie question on private IP classes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Sep 2004 00:51:23 GMT
"Joost R. Meerten" <JoostMeerten@SPAMMENOT.gmx.net> wrote in message
news:cjdt7v$6hc$1@news.tue.nl...
> I'm a n00b to firewalling (and advanced networking, really), and while
> educating myself, I stumbled on a question.
>
> Suppose I use NAT on a C class private LAN. As is my understanding, this
> means your local computers have IP addresses matching netmask
> 192.168.255.255, and your router maps these to IP addresses on a public
> net -- and vice versa.
>
> Let's also suppose the firewall is a dedicated box sans input or output
> devices, and I set up sshd to remotely configure it. Now, obviously, I don't
> want the outside world to even try a ssh connection to my firewall, so I
> could tell it to drop and log anything addressed to the wall but coming from
> the outside -- i.e., not matching 192.168.255.255.
>
> My question is this: can such addresses be spoofed? Could someone on the
> outside just send packets pretending to come from the local net, and is
> there any way to detect this? I'm thinking that if such packets go through
> any gateway, the gateway should just reroute them to a net local to the
> potential attacker, if not outright drop them -- right? But if the attacker
> is on the same net as my wall (though not in my private LAN), what then?
> TIA.
>
Private IPs are not supposed to be routable directly over the Internet. It
is because of this that spoofing is not very likely. If, however, such were
to occur, your firewall should be of a design that will deny incoming traffic
from IPs it has been configured to know reside on the LAN.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security on the Internet".
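
An added example, not part of the original thread: the filtering decision discussed above, keyed on the interface a packet arrives on rather than on its source address alone. The interface names `lan0`/`wan0`, the LAN range 192.168.0.0/16, the default-deny policy and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed topology (not from the thread): lan0 faces the private LAN,
# wan0 faces the outside network.
LAN_IF, WAN_IF = "lan0", "wan0"
LAN_NET = ipaddress.ip_network("192.168.0.0/16")
SSH_PORT = 22

# Sources that should never arrive from outside: RFC 1918 ranges and loopback.
BOGUS_ON_WAN = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def filter_input(in_if, src, dport):
    """Return (verdict, reason) for a packet addressed to the firewall itself."""
    addr = ipaddress.ip_address(src)
    if in_if == WAN_IF:
        # Anti-spoofing: a private source seen on the outside interface is
        # forged or misrouted, whatever the address claims.
        if any(addr in net for net in BOGUS_ON_WAN):
            return ("DROP+LOG", "private source on WAN interface")
        if dport == SSH_PORT:
            return ("DROP+LOG", "ssh attempt from outside")
        return ("DROP", "default deny on WAN")
    if in_if == LAN_IF:
        # The mirror check: only LAN addresses belong on the inside interface.
        if addr not in LAN_NET:
            return ("DROP+LOG", "non-LAN source on LAN interface")
        if dport == SSH_PORT:
            return ("ACCEPT", "ssh from LAN")
        return ("DROP", "default deny on LAN")
    return ("DROP", "unknown interface")


# Constructed sample packets: (arrival interface, source IP, destination port)
SAMPLES = [
    ("lan0", "192.168.1.20", 22),   # admin workstation on the LAN
    ("wan0", "192.168.1.20", 22),   # same address, but arriving from outside
    ("wan0", "203.0.113.7", 22),    # ordinary outside host (documentation range)
    ("lan0", "203.0.113.7", 22),    # public source on the inside interface
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_input(*pkt))
```
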