Great Circle Associates Firewalls
(June 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Class B Address
From: "David Harvey-George" <david @ threewiz . demon . co . uk>
Date: Sun, 22 Jun 1997 23:49:15 +0100
To: "'Firewalls @ GreatCircle . COM'" <Firewalls @ GreatCircle . COM>


> From: Rodney van den Oever <Rodney .
 van .
 den .
 Oever @
 tip .
 nl>
> >From: "Paquette, Trevor" <TrevorPaquette @
 mcc .
 net>
> >If someone wants to use a
> >random class B within their own network, that's fine with me.. Just make
> >sure that it does not leak out to the Internet, and that you are doing
> >NAT on all connections going in/out.
> 
> Unless you use proxies for outgoing connections you will run into trouble

> when your internal IP-space is actually used somewhere else in the 
> Internet!
> 
> Check the InterNIC for companies you won't be able to reach anymore...

How are these addresses going to leak out... are you thinking of running
BGP or something and broadcasting these illegal addresses to other routers?

As for proxies, these won't help you if you are using illegal  address
classes, this is one reason why RFC 1918 exists.  For example, say I choose
to use network 9 internally, if someone on my LAN points his browser to
IBM's Web site their packets will actually be routed to the local LAN. 
Either that or you would configure your proxy not to recognise 9 as the
local LAN, either way it's broken.

Better follow RFC 1918.

regards,

David

Indexed By Date Previous: SQLNet proxy that checks userid's?
From: "Eric V. Smith" <EricSmith @ windsor . com>
Next: Re: firewall administrator salary
From: "Bryan D. Boyle" <bdboyle @ att . com>
Indexed By Thread Previous: Re[2]: Class B Address
From: Karl Janice <"KJanice @ NYPP (Karl Janice)%NYPP"@mcimail.com>
Next: Re: Re[2]: Class B Address
From: "David Harvey-George" <david @ threewiz . demon . co . uk>

Google
 
Search Internet Search www.greatcircle.com