Subject: Re: Odd ipf behaviour?
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 09/20/1999 15:36:11
Cc: tech-security@netbsd.org
Message-ID: <19990920153611.A13646@antioche.lip6.fr>
References: <19990919221430.L485@acheron.middleboro.ma.us> <19990920113942.A4576@antioche.lip6.fr> <19990920092544.R485@acheron.middleboro.ma.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <19990920092544.R485@acheron.middleboro.ma.us>; from Mason Loring Bliss on Mon, Sep 20, 1999 at 09:25:44AM -0400

On Mon, Sep 20, 1999 at 09:25:44AM -0400, Mason Loring Bliss wrote:
> On Mon, Sep 20, 1999 at 11:39:42AM +0200, Manuel Bouyer wrote:
> 
> > Isn't 209.67.38.62 on the same subnet as your ep0 interface ?
> > If so they don't have to be source routed.
> 
> No, my IP is 24.218.72.110. Definitely different parts of town. :) But even
> so, the destination IP was in my internal ten net, so even on the subnet it
> would have to be source-routed, wouldn't it? My outside interface doesn't
> answer to a ten address, so to get a ten address to it, you have to explicitly
> route it there... At least, that was my understanding.

No, if it's on the same subnet (i.e. it can reach your router without
going through another router, for example it's on the same ethernet) it can
add an entry in its routing table for 10.0.0.0/24 pointing to your router.
If it has to go through other routers before yours, it's another story :)
Do you have routed or gated running on your machine ?
It could announce a route to 10.0.0.0, which could be accepted by other
routers and propagated. It would be a severe security bug in the network
you're attached to, but technically it's possible.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
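As an added example (not from the thread or from either poster), here is an IP Filter ruleset that closes both paths discussed above: a neighbour on the same ethernet pointing a 10.0.0.0/24 route at the outside interface, and a packet arriving with a source-route option. It assumes the outside interface is ep0 and the internal net is 10.0.0.0/24, as in the discussion; both are taken from the thread, and the logging choice is mine.

```ipf
# Added example ipf.conf fragment; not part of the original thread.
# Assumes ep0 is the outside interface and 10.0.0.0/24 is the internal net.

# Anti-spoofing on the outside interface: nothing arriving on ep0 may claim
# an internal source address, and nothing arriving on ep0 may be addressed
# to the internal net.  Either case means a neighbour routed a ten-net packet
# at us, as described in the reply above.  Log so the event is visible.
block in log quick on ep0 from 10.0.0.0/24 to any
block in log quick on ep0 from any to 10.0.0.0/24

# Drop loose and strict source-routed packets regardless of addresses.
block in log quick on ep0 all with opt lsrr
block in log quick on ep0 all with opt ssrr

# Never let an internal address leak out of the outside interface either.
block out log quick on ep0 from 10.0.0.0/24 to any
```

Load the rules with `ipf -Fa -f /etc/ipf.conf` and confirm they are in place with `ipfstat -hio`; the hit counters on the two `block in` address rules are the quickest way to see whether anything is actually routing ten-net traffic at the box. On NetBSD the kernel can also be told not to forward source-routed packets at all with the sysctl `net.inet.ip.forwsrcrt` set to 0, which is worth doing independently of the filter.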