
RFC 1918 & ACL

avilt
Level 3

Hi,

I have some queries on RFC 1918

1. Do I need to block RFC 1918 addresses on the internet edge router even if I am not using the private address space in my LAN/DMZEE?

2. The RFC 1918 IP addresses are non-routable on the Internet. Then how are they reaching one's network through the Internet? Sometimes I see some logs on my firewall from the Internet with the source IP 10.x.x.x

If it's hitting my network through address spoofing, is it not possible for my firewall to identify the real IP address?

Thank You

1 Reply

Jon Marshall
Hall of Fame

Hi

1) Yes, you should still use them, as you should never be seeing these addresses coming from the Internet as legitimate traffic.

2) A packet with a source IP address of 10.x.x.x will still reach your firewall. It is only when it tries to route back to that address that it fails. But often people sending these packets are not interested in the return traffic, e.g. when they are issuing an SNMP set command to a router.

If they have spoofed the source, no, it is not really possible to trace the real address.

HTH

Jon
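
The filtering discussed in this thread, as an added example that is not part of either post: the script derives the IOS wildcard masks for the three RFC 1918 blocks and flags private source addresses that arrive on the Internet-facing interface. The ACL name `BLOCK-RFC1918-IN`, the interface label `outside` and the log line format are assumptions made for illustration.

```python
import ipaddress
import re

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def acl_entries(name="BLOCK-RFC1918-IN"):
    """Build IOS extended-ACL lines; the ACL name is a hypothetical label."""
    lines = [f"ip access-list extended {name}"]
    for net in RFC1918:
        # IOS ACLs take a wildcard mask, which is the inverted netmask.
        lines.append(f" deny ip {net.network_address} {net.hostmask} any log")
    lines.append(" permit ip any any")
    return lines

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

# Constructed log lines in a made-up "iface=... src=... dst=..." format.
SAMPLE_LOG = """\
iface=outside src=10.4.7.9 dst=203.0.113.10 proto=udp dport=161
iface=outside src=198.51.100.23 dst=203.0.113.10 proto=tcp dport=443
iface=outside src=172.31.255.1 dst=203.0.113.10 proto=udp dport=161
iface=outside src=172.32.0.1 dst=203.0.113.10 proto=tcp dport=25
iface=inside src=192.168.1.20 dst=198.51.100.23 proto=tcp dport=443
"""

def spoofed_sources(log_text, edge_iface="outside"):
    """Return private source addresses seen arriving on the edge interface."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"iface=(\S+) src=(\S+)", line)
        if m and m.group(1) == edge_iface and is_rfc1918(m.group(2)):
            hits.append(m.group(2))
    return hits

if __name__ == "__main__":
    print("\n".join(acl_entries()))
    print(spoofed_sources(SAMPLE_LOG))
```

The generated ACL would be applied inbound on the Internet-facing interface with `ip access-group`. Note that 172.32.0.1 is outside the 172.16.0.0/12 block and is correctly not flagged.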
