Maybe as a part of the provisioning process, we should be setting CPE firewalls to not allow packets through that aren't from the IPs they're supposed to have. Would be limiting BCP38 (and successors) all the way to the CPE.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

----- Original Message -----
From: "Ty Featherling" <[email protected]>
To: [email protected]
Sent: Saturday, April 18, 2015 3:06:54 PM
Subject: Re: [AFMUG] Private IPs behind router, behind NATted SM leaking through?

I see customer routers leaking private IPs into the WAN space all the time. I go looking for someone with a POE plugged into a LAN port but they aren't. The addresses aren't reachable; it's just some kind of broadcast that gets caught in the bridge table.

-Ty

On Apr 18, 2015 1:24 PM, "Bill Prince" <[email protected]> wrote:

I've got an SM in NAT mode. The only device connected to it is a WiFi router that is on the DMZ address. Numerous devices behind that router, and some of them are getting their IP addresses "leaking" into the SM's NAT table. Wha?

See the example below. The private gateway IP on the SM is 172.16.1.1, and the router's public IP is 172.16.1.52, which is the DMZ address. Yet I see these addresses in the SM's NAT table (all 192.168.1.xxx).

What's going on here?

--
bp
<part15sbs{at}gmail{dot}com>
