On Sun, Apr 16, 2000 at 05:13:38PM -0400, Stephen F. Bosch wrote:
-> "Eric L. Brine" wrote:
-> > 
-> > > Even if masquerading works in this situation, you STILL have packets
-> > > with 192.168.0 headers going out onto the local subnet, and if your ISP
-> > > notices this, you're going to get your wrists slapped.
-> > 
-> > I don't believe that's the problem. The problems are security/privacy and
-> > bandwidth usage.
-> 
-> Ultimately the ISP has to block these packets at their routers, or they
-> get into trouble, so it's not a huge problem -- but all you need is for
-> two people on the same subnet to make the same mistake, and you've got
-> trouble.

No, read the extract from the RFC elsewhere in this thread. If the ISP
sees any packets addressed on the private network, then the RFC has been
violated.

->  
-> > Security: The ISP and possibly other clients can see your internal
-> > packets, and possibly even gain access to your private network.
-> 
-> Exactly.

Agreed. And that is both a necessary and sufficient reason to multi-home
the firewall and keep the private net traffic off the ISP's net.



-- 

                -- C^2

No windows were crashed in the making of this email.

Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
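
The check the thread is arguing about, as an added example that is not part of the original email: given packet records observed per interface, flag any on the ISP-facing interface that carry an RFC 1918 source or destination. The interface names (`eth0` external, `eth1` internal), the record layout, and the sample records are constructed assumptions.

```python
import ipaddress

# The three private address blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_leaks(records, external_if):
    """Return (src, dst, fields) for each record seen on the ISP-facing
    interface whose source and/or destination address is private."""
    leaks = []
    for iface, src, dst in records:
        if iface != external_if:
            continue  # private addresses on the inside interface are expected
        fields = [name for name, a in (("src", src), ("dst", dst))
                  if is_rfc1918(a)]
        if fields:
            leaks.append((src, dst, fields))
    return leaks


# Constructed sample records: (interface, source, destination).
SAMPLE = [
    ("eth1", "192.168.0.5", "192.168.0.1"),    # inside traffic, inside interface
    ("eth0", "203.0.113.10", "198.51.100.7"),  # masqueraded, public on both ends
    ("eth0", "192.168.0.5", "198.51.100.7"),   # private source reached ISP side
    ("eth0", "203.0.113.10", "192.168.0.9"),   # private destination on ISP side
    ("eth0", "172.32.0.1", "198.51.100.7"),    # just outside 172.16.0.0/12
]

if __name__ == "__main__":
    for src, dst, fields in find_leaks(SAMPLE, "eth0"):
        print(f"private {'/'.join(fields)} on external interface: {src} -> {dst}")
```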
