
Re: Question about exit policy.



On 5/23/05, Humberto Ortiz Zuazaga <humberto@xxxxxxxxxxxx> wrote:
> For better or worse, many servers place more trust in clients on local
> networks than external clients. The default exit rules allow exits to local
> networks except when the local network is private. Shouldn't public local
> networks get the same treatment?

The reserved address ranges are well known (10.* etc), but it's very
difficult to determine what is a local network outside of that. One
could query the local routing table, but not in a platform generic way
and not with any chance of knowing exactly what should be considered
local.

Node operators should deny exit to the local network if the local
network has any undue trust based on IP. Let another router come in
from the outside if in doubt.


AGL

-- 
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60
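
The reply above leaves it to the node operator to declare which public networks are "local". As an added example (not part of the original message and not Tor's own code), this sketch turns an operator-supplied list of attached IPv4 networks into torrc `ExitPolicy reject` lines, skipping ranges that are already reserved. The reserved-range list, the function names and the sample addresses (documentation ranges) are assumptions of the example.

```python
import ipaddress

# Reserved ranges the message calls "well known (10.* etc)". This list is an
# assumption of the example (RFC 1918, loopback, link-local), not Tor's table.
RESERVED = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_reserved(net):
    """True if the network lies entirely inside one of the reserved ranges."""
    return any(net.subnet_of(r) for r in RESERVED)


def exit_policy_lines(local_networks):
    """Build ExitPolicy reject lines for operator-declared local networks.

    local_networks: strings such as "198.51.100.17/24" (an interface address
    with its prefix length is accepted; host bits are masked off).
    Networks inside the reserved ranges are skipped, overlapping entries are
    collapsed, and the result is sorted by address.
    """
    public = []
    for text in local_networks:
        # Raises ValueError on malformed or non-IPv4 input instead of guessing.
        net = ipaddress.IPv4Network(text, strict=False)
        if not is_reserved(net):
            public.append(net)
    return ["ExitPolicy reject %s:*" % n
            for n in ipaddress.collapse_addresses(public)]


if __name__ == "__main__":
    # Constructed sample: one private LAN and three public (documentation) nets.
    sample = ["192.168.1.10/24", "198.51.100.17/24",
              "198.51.100.128/25", "203.0.113.0/25"]
    for line in exit_policy_lines(sample):
        print(line)
```

Exit policy rules are matched in order, so the generated reject lines need to appear in torrc before any accept rule that would otherwise match the same addresses.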