#1: 172.16.x.x routable?

Posted on 2005-10-15 07:41:15 by UAError

I was under the impression that 172.16.x.x-172.31.x.x addresses were
used for private ip addresses like the 192.168.x.x addresses are. I
also thought that meant they're not routable. The other day while I was
helping someone they pinged me and the return address on their packets
was 172.16.x.x. They were several hundred miles away so their packets
had to get routed through a number of hops before it got to me. Can
someone explain why this worked? Thanks.

#2: Re: 172.16.x.x routable?

Posted on 2005-10-15 13:25:03 by Volker Birk

null wrote:
> I was under the impression that 172.16.x.x-172.31.x.x addresses were
> used for private ip addresses like the 192.168.x.x addresses are.

Yes, see RFC 3330. To be exact: 172.16.0.0/12 is set aside for use in
private networks.

> I
> also thought that meant they're not routable.

Oh, they're routable. One should not route them to the Internet, though.

> The other day while I was
> helping someone they pinged me and the return address on their packets
> was 172.16.x.x. They were several hundred miles away so their packets
> had to get routed through a number of hops before it got to me. Can
> someone explain why this worked? Thanks.

Please post a traceroute.

Yours,
VB.
--
"I am a free man and will now make use of my rights of freedom
- and extensively so - of course only within the bounds that
Otto Schily still leaves me."
Wolfgang Clement on 10.10.05, while still "superminister"


#3: Re: 172.16.x.x routable?

Posted on 2005-10-15 14:15:01 by somebody.

"null" wrote in message news:%D04f.1529$nk2.407@trnddc07...
>I was under the impression that 172.16.x.x-172.31.x.x addresses were used
>for private ip addresses like the 192.168.x.x addresses are. I also
>thought that meant they're not routable. The other day while I was helping
>someone they pinged me and the return address on their packets was
>172.16.x.x. They were several hundred miles away so their packets had to
>get routed through a number of hops before it got to me. Can someone
>explain why this worked? Thanks.

They're only non-routable on the Internet. Ergo you were experiencing a VPN
or non-Internet private circuit.

The 172 address you saw could also be the IP of a box that's in your cloud
that's NATing them or otherwise introducing the packet to your network.

-Russ.


#4: Re: 172.16.x.x routable?

Posted on 2005-10-15 16:55:15 by UAError

Somebody. wrote:
> "null" wrote in message news:%D04f.1529$nk2.407@trnddc07...
>
>>I was under the impression that 172.16.x.x-172.31.x.x addresses were used
>>for private ip addresses like the 192.168.x.x addresses are. I also
>>thought that meant they're not routable. The other day while I was helping
>>someone they pinged me and the return address on their packets was
>>172.16.x.x. They were several hundred miles away so their packets had to
>>get routed through a number of hops before it got to me. Can someone
>>explain why this worked? Thanks.
>
>
> They're only non-routable on the Internet. Ergo you were experiencing a VPN
> or non-Internet private circuit.
>
> The 172 address you saw could also be the IP of a box that's in your cloud
> that's NATing them or otherwise introducing the packet to your network.
>
> -Russ.
>
>
The problem is that this was just Joe user using DSL to connect his
home machine to the net through an ISP. There was no VPN and we weren't
even sharing ISPs. He had a router between his DSL modem and his
computer, so that would NAT his address between it and his computer, but
shouldn't have any bearing on the outside world. I don't use 172
anywhere on my side of things.
I had asked him what his IP number was and he had replied that it was
172.16.x.x. I told him that couldn't be the actual address assigned to
him and asked him to ping me. That was when I saw the packets with the
172.16.x.x return address that he had previously mentioned. He also
received the ping replies.


#5: Re: 172.16.x.x routable?

Posted on 2005-10-15 16:55:31 by UAError

Volker Birk wrote:
> null wrote:
>
>>I was under the impression that 172.16.x.x-172.31.x.x addresses were
>>used for private ip addresses like the 192.168.x.x addresses are.
>
>
> Yes, see RFC 3330. To be exact: 172.16.0.0/12 is set aside for use in
> private networks.
>
>
>>I
>>also thought that meant they're not routable.
>
>
> Oh, they're routable. One should not route them to the Internet, though.
>
>
>>The other day while I was
>>helping someone they pinged me and the return address on their packets
>>was 172.16.x.x. They were several hundred miles away so their packets
>>had to get routed through a number of hops before it got to me. Can
>>someone explain why this worked? Thanks.
>
>
> Please post a traceroute.
>
> Yours,
> VB.

I did a traceroute at the time and it died about two hops outside my
network. I don't have a copy to post.


#6: Re: 172.16.x.x routable?

Posted on 2005-10-15 21:59:03 by ibuprofin

In the Usenet newsgroup comp.security.firewalls, in article
<%D04f.1529$nk2.407@trnddc07>, null wrote:

>I was under the impression that 172.16.x.x-172.31.x.x addresses were
>used for private ip addresses like the 192.168.x.x addresses are.

1918 Address Allocation for Private Internets. Y. Rekhter, B.
Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996.
(Format: TXT=22270 bytes) (Obsoletes RFC1627, RFC1597) (Also BCP0005)
(Status: BEST CURRENT PRACTICE)

>I also thought that meant they're not routable.

Correct - you can not send packets TO such an address over the Internet.
This is NOT to say you can't use these addresses within an entity like an
individual company/ISP. However, there is nothing in the basic routing
algorithm that says you can not have this as the _source_ address in a
packet. For TCP, don't expect the connection to work - because the
returning SYN/ACK packet goes nowhere, and the same for a ping.

>The other day while I was helping someone they pinged me and the return
>address on their packets was 172.16.x.x. They were several hundred miles
>away so their packets had to get routed through a number of hops before
>it got to me. Can someone explain why this worked?

Two possible explanations - you're not supplying enough details to know
which is the problem.

1. The "other guy" is on the same ISP as you. Your posting IP is a
Verizon address, and they're not exactly small, or clueful.

2. The "other guy" is NOT the same ISP as you, and your ISP is totally
clueless and hasn't bothered to implement RFC2827.

2827 Network Ingress Filtering: Defeating Denial of Service Attacks
which employ IP Source Address Spoofing. P. Ferguson, D. Senie. May
2000. (Format: TXT=21258 bytes) (Obsoletes RFC2267) (Updated by
RFC3704) (Also BCP0038) (Status: BEST CURRENT PRACTICE)

While RFC2827 only deals with filtering bogus source addresses at the
destination, the more clueful ISPs also drop bogus source addresses
outbound at their perimeter. As a general rule, routers should be
configured to drop bogus source addresses when the address will no
longer be usable. For example - customer use of those IPs (which
customer?) should be blocked. While it is permitted to use RFC1918
addresses internally, if the ISP is using such addresses for local
purposes (your posting hostname implies Dallas TX, yet Verizon, formerly
known as Bell Atlantic is headquartered in Reston VA) they should
(and likely will) be dropped when reaching internal region boundaries.

If the 'ping' worked (they got a reply) answer 1 above applies. If
answer 2 applies, then they would not get a reply to their ping.

Also see RFC3330 for other address blocks that have routing problems.

3330 Special-Use IPv4 Addresses. IANA. September 2002. (Format:
TXT=16200 bytes) (Status: INFORMATIONAL)

These RFCs are available at http://www.ietf.org/rfc/rfc0000.txt (replace
the four zeros with the four digit document number) and hundreds of
mirrors around the world.

Old guy
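
An added example, not part of the original thread: a minimal model of the source-address filtering discussed above, showing where a packet with a 172.16.x.x source would be dropped. The interface names, the customer prefix and the sample packets are constructed for illustration; the block lists come from RFC 1918 and RFC 3330.

```python
import ipaddress

# Source blocks that should never arrive from the Internet:
# RFC 1918 private space plus special-use blocks listed in RFC 3330.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",      # RFC 3330
    "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4",      # RFC 3330
)]

# Hypothetical ISP edge: customer-facing port -> prefix assigned to it.
# 198.51.100.0/24 is a documentation range standing in for real space.
CUSTOMER_PREFIXES = {
    "dsl-17": ipaddress.ip_network("198.51.100.16/29"),
}


def is_bogon_source(src):
    """True if src falls inside any private or special-use block."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGON_SOURCES)


def ingress_verdict(iface, src):
    """Decide what the filter does with a packet arriving on iface."""
    addr = ipaddress.ip_address(src)
    assigned = CUSTOMER_PREFIXES.get(iface)
    if assigned is not None:
        # Customer-facing port: permit only sources inside the assigned
        # prefix (the ingress filtering RFC 2827 describes).
        if addr in assigned:
            return "accept"
        return "drop: source not in assigned prefix"
    # Any other interface is treated as a peering/upstream link.
    return "drop: bogon source" if is_bogon_source(src) else "accept"


# Constructed sample packets: (arrival interface, source address).
SAMPLE_PACKETS = [
    ("dsl-17", "198.51.100.18"),     # customer's assigned address
    ("dsl-17", "172.16.4.20"),       # RFC 1918 source leaking past a NAT
    ("upstream", "172.31.255.255"),  # last address inside 172.16.0.0/12
    ("upstream", "172.32.0.1"),      # just outside the /12
    ("upstream", "203.0.113.9"),     # documentation address as a peer
]

if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        print(f"{iface:9} {src:15} {ingress_verdict(iface, src)}")
```
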
