RFC 1918 & ACL

Unanswered Question
Feb 6th, 2007

Hi,

I have some queries on RFC 1918

1. Do I need to block RFC 1918 addresses on the internet edge router even if I am not using the private address space in my LAN/DMZEE?

2. The RFC 1918 ip addresses are non routable on internet. Then how are they reaching one's network thru internet? Sometimes I see some logs on my firewall from internet with the source ip 10.x.x.x

If its hitting my network thru address spoofing, is it not possible for my firewall to identify the real IP address?

Thank You

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 02/07/2007 - 03:14

Hi

1) Yes you should still use them as you should never be seeing these addresses coming from the Internet as legitimate traffic.

2) A packet with a source ip address of 10.x.x.x will still reach your firewall. It is only when it tries to route back to that address that it fails. But often people sending these packets are not interested in the return traffic eg when they are issuing a snmp set commmand to a router.

If they have spoofed the source no it is not really possible to trace the real address.

HTH

Jon

Actions

This Discussion