On Mon, Mar 05, 2001 at 03:56:12PM +0100, mouss wrote:
 
> [Problem 1]
> assume my host is 10.1.2.3. Now assume that your router has the same
> address. Can you explain to me how I can traceroute through your router.
> More precisely, tell me what happens in your router stack when it is
> sending me an ICMP ttl exceeded.

If you're sending anything out on the Internet from a source address of
10.1.2.3, you're obviously going through some sort of IP masquerading or
NAT.  The router, in this case, will be seeing the traceroute packets
coming through with a source IP of whatever your masquerading is setting
it to, and it will be sending ICMP ttl exceeded to *that* IP address,
not to 10.1.2.3.

Granted, if you're not doing that, then your point holds -- the router
is sending the ICMP ttl exceeded to itself.
 
> [Problem 2]
> Assume your router has a private address, say 10.1.2.3. Tell me why
> I can't telnet to it. The purpose of this question is that you come up with
> the conditions that make it impossible to connect to your router, and
> then compare these conditions with just blocking access to your router
> if it had a public address.

If you're not on my network, and I'm not your upstream that you're
sending packets to by default, there's no route in the routing tables that
can possibly send those packets to me.
 
> [Problem 3]
> Now, why not use your router in bridge mode, in which case it is simply
> invisible?

1) There's still legitimate need for folks on *my* network to get into
the router.

2) Bridging mode effectively turns everything into one segment and one
broadcast domain.
 
-- 
Devin L. Ganger <[EMAIL PROTECTED]>
A guy, his car, his miss, his nerve;
He kissed his miss and missed the curve.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
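The two points argued in the reply above (where a router's ICMP TTL exceeded goes when the traceroute probe came through NAT, and why an outside host has no route that reaches a router numbered out of 10/8) can be made concrete with a small simulation. The following is an added example, not code from the list posting or from any of its participants; every address, forwarding table and helper name in it (`Packet`, `traceroute_hop`, `trace_path`, `TABLES`) is constructed for the illustration, using documentation prefixes from RFC 5737 for the "public" side.

```python
"""Simulation of the two points from the reply: (1) a router's ICMP Time
Exceeded is addressed to whatever source the probe carries on the wire,
which behind NAT is the gateway's public address, and (2) an Internet
router with no entry for 10.0.0.0/8 has no route to 10.1.2.3.
All addresses and forwarding tables below are constructed for the example."""
import ipaddress
from dataclasses import dataclass, replace

# RFC 1918 space, which is what makes 10.1.2.3 a private address.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ipaddress.ip_address(ip) in n for n in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ttl: int   # TTL as the packet arrives at the router under test


def nat_rewrite(pkt, public_ip):
    """Source NAT at the poster's gateway: a private source becomes the
    gateway's public address before the packet reaches the Internet."""
    return replace(pkt, src=public_ip) if is_private(pkt.src) else pkt


def router_handle(router_ip, pkt):
    """Decrement the TTL. On expiry the router answers with ICMP Time
    Exceeded, sourced from itself and sent to the packet's source field."""
    if pkt.ttl - 1 <= 0:
        return {"action": "icmp-time-exceeded", "src": router_ip, "dst": pkt.src}
    return {"action": "forward", "packet": replace(pkt, ttl=pkt.ttl - 1)}


def traceroute_hop(probe, router_ip, nat_public_ip=None):
    """Problem 1: where does the router's reply go, with and without NAT?
    reply_to_self is the degenerate case of a probe that kept its 10.x source."""
    wire = nat_rewrite(probe, nat_public_ip) if nat_public_ip else probe
    reply = router_handle(router_ip, wire)
    if reply["action"] != "icmp-time-exceeded":
        return {"reply_to": None, "reply_to_self": False}
    return {"reply_to": reply["dst"], "reply_to_self": reply["dst"] == router_ip}


def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs.
    Returns the next hop, "direct" for an on-link destination, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


# Constructed forwarding tables, keyed by the address of the box doing the lookup.
TABLES = {
    # an outside host at some other ISP: on-link net plus a default route
    "198.51.100.7": [("198.51.100.0/24", "direct"), ("0.0.0.0/0", "198.51.100.1")],
    # that ISP's edge router: its customer net plus a default to transit
    "198.51.100.1": [("198.51.100.0/24", "direct"), ("0.0.0.0/0", "192.0.2.1")],
    # a default-free transit router: public prefixes only, nothing for 10/8
    "192.0.2.1": [("198.51.100.0/24", "198.51.100.1"), ("203.0.113.0/24", "203.0.113.1")],
    # a host on the poster's own LAN, where 10.1.2.3 is on-link
    "10.1.2.9": [("10.1.2.0/24", "direct"), ("0.0.0.0/0", "10.1.2.3")],
}


def trace_path(tables, start, dst, max_hops=8):
    """Problem 2: follow next hops until the packet is delivered on-link or
    some router along the way has no matching route at all."""
    path, cur = [start], start
    for _ in range(max_hops):
        table = tables.get(cur)
        nh = lookup(table, dst) if table is not None else None
        if nh is None:
            return path, "no route"
        if nh == "direct":
            return path + [dst], "delivered"
        path.append(nh)
        cur = nh
    return path, "hop limit"


if __name__ == "__main__":
    probe = Packet(src="10.1.2.3", dst="192.0.2.50", ttl=1)
    print("via NAT:", traceroute_hop(probe, "10.1.2.3", nat_public_ip="203.0.113.5"))
    print("no NAT: ", traceroute_hop(probe, "10.1.2.3"))
    print("from outside:", trace_path(TABLES, "198.51.100.7", "10.1.2.3"))
    print("from the LAN:", trace_path(TABLES, "10.1.2.9", "10.1.2.3"))
```

Running it shows the NAT case replying to 203.0.113.5 and the non-NAT case replying to the router's own address, and the outside host's probe dying at the transit router with no route while the LAN host reaches 10.1.2.3 on-link. The simulation models only the longest-prefix lookup and TTL handling; it does not model any ingress filtering of RFC 1918 sources, which is a separate reason such packets are dropped in practice.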