On Wed, 2006-07-05 at 11:36 -0700, Martin Casado wrote:
> I guess the problem is fundamental, if we are using some
> public prefix (say
> 1.2.3/24) and I send a packet to 1.2.3.11, the network cannot determine
> whether I'm intending
> to send traffic internally or externally.

Correct. Since the destination address (global) happens to match the local subnet, the host will simply issue an ARP for the destination (and either get a response from the wrong guy, or not get any response). In any case, the host will not even attempt to forward to its next-hop router/NAT (which it contacts for destinations not on the local subnet).

> This is a pretty serious blunder ... though may be difficult to
> determine remotely due to the interposition of
> proxies and tunnelling.

Do you have a feel for how often corporations (big enough to have their own address block) are subjected to their ISP's proxy? I know lots of ISPs in Europe proxy dial-up/DSL/Cable users (who don't own an address block obviously); I don't know how common it is to proxy an address-block-owning entity. If it is not very common, then checking the owner for the address-block for the client, and the owner for the address-block for the proxy/NAT would shed some light on the matter.

On Wed, 2006-07-05 at 10:53 -0700, Martin Casado wrote:
> btw, do you know FastWeb's public address block? We can poke through
> our data and see if we have anything on it.

FastWeb is AS12874; address block details:
http://www.cidr-report.org/cgi-bin/as-report?as=AS12874

cheers,
-- Saikat
_______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
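The on-link decision and the address-block owner comparison discussed in the message above, as an added example that is not part of the original thread. The prefix-to-owner table, the documentation AS numbers, the observation pairs and all function names are constructed for illustration; it assumes each client reports its own interface address alongside the address the remote side sees.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed prefix -> origin AS table (documentation prefixes and AS numbers,
# plus the thread's 1.2.3/24). Real data would come from a routing/whois snapshot.
PREFIX_OWNERS = {
    ipaddress.ip_network("1.2.3.0/24"): "AS64496",
    ipaddress.ip_network("198.51.100.0/24"): "AS64496",
    ipaddress.ip_network("203.0.113.0/24"): "AS64497",
}

def is_on_link(interface_cidr, dst):
    """True when the host would ARP for dst instead of using its next hop."""
    iface = ipaddress.ip_interface(interface_cidr)
    return ipaddress.ip_address(dst) in iface.network

def owner(addr):
    """Longest-prefix match against PREFIX_OWNERS; None if no prefix covers addr."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in PREFIX_OWNERS if ip in n]
    if not matches:
        return None
    return PREFIX_OWNERS[max(matches, key=lambda n: n.prefixlen)]

def classify(internal, external):
    """Compare a client's self-reported address with the address seen remotely."""
    if internal == external:
        return "direct"
    if any(ipaddress.ip_address(internal) in n for n in RFC1918):
        return "private-behind-nat"
    inner, outer = owner(internal), owner(external)
    if inner is None or outer is None:
        return "unknown-owner"
    # Public address inside, a different public address outside: compare owners.
    return "same-owner" if inner == outer else "owner-mismatch"

# Constructed observations: (address the client reports, address the server sees)
OBSERVATIONS = [
    ("192.168.1.20", "203.0.113.7"),
    ("1.2.3.11", "198.51.100.9"),
    ("1.2.3.11", "203.0.113.7"),
]

if __name__ == "__main__":
    print("ARP for 1.2.3.11 from 1.2.3.5/24:", is_on_link("1.2.3.5/24", "1.2.3.11"))
    for inner, outer in OBSERVATIONS:
        print(inner, outer, classify(inner, outer))
```

An `owner-mismatch` result is only a lead: as the message notes, an ISP proxying a block-owning customer would produce the same signal.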
