Re: Question about exit policy.
On 5/23/05, Humberto Ortiz Zuazaga <humberto@xxxxxxxxxxxx> wrote:
> For better or worse, many servers place more trust in clients on local
> networks than external clients. The default exit rules allow exits to local
> networks except when the local network is private. Shouldn't public local
> networks get the same treatment?
The reserved address ranges are well known (10.* etc), but it's very
difficult to determine what is a local network outside of that. One
could query the local routing table, but not in a platform generic way
and not with any chance of knowing exactly what should be considered
local.
Node operators should deny exit to the local network if the local
network has any undue trust based on IP. Let another router come in
from the outside if in doubt.
AGL
--
Adam Langley agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
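
An added example, not part of the original message or of Tor itself: a small Python helper that turns the interface addresses an operator supplies by hand (since, as the reply notes, the routing table cannot be queried portably) into torrc `ExitPolicy reject` lines for the public local networks. The sample addresses are constructed documentation ranges, the list of ranges already handled by the private-network rules is an assumption to verify against your Tor version, and only IPv4 is handled.

```python
import ipaddress

# Ranges assumed here to be rejected already by the default rules for
# private networks (an assumption of this example; verify for your version).
ALREADY_PRIVATE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: addresses an operator might read off the node's
# interfaces, written as address/prefix (documentation ranges plus one
# private address).
SAMPLE_ADDRS = ["192.0.2.10/24", "198.51.100.5/25",
                "198.51.100.200/25", "10.1.2.3/8"]

def local_networks(interface_addrs):
    """Return the public local networks, merged, that the private-range
    rules do not already cover."""
    nets = []
    for addr in interface_addrs:
        # IPv4Interface keeps the host bits and exposes the enclosing network.
        net = ipaddress.IPv4Interface(addr).network
        if not any(net.subnet_of(p) for p in ALREADY_PRIVATE):
            nets.append(net)
    # Merge adjacent or overlapping networks so the policy stays short.
    return list(ipaddress.collapse_addresses(nets))

def reject_lines(interface_addrs):
    """Render one torrc reject rule (all ports) per public local network."""
    return [f"ExitPolicy reject {n}:*" for n in local_networks(interface_addrs)]

def covered_by_added_rules(dest, interface_addrs):
    """True if an exit to dest would hit one of the added reject rules."""
    ip = ipaddress.IPv4Address(dest)
    return any(ip in n for n in local_networks(interface_addrs))

if __name__ == "__main__":
    for line in reject_lines(SAMPLE_ADDRS):
        print(line)
```

Exit policy rules are evaluated first match wins, so the generated lines belong above any `accept` rules in torrc.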