PDA

View Full Version : New DCHP Address

Matth
07-07-2004, 13:00
RM14 area

If you're running ultra-tight firewall rules (to prevent DHCP spoofing), then you may fall foul.

Now 10.185.6.129 - WAS 10.0.106.70-71

Are they still doubled, and if so, is the other one 128 or 130 ?
BeeJay
07-07-2004, 16:27
BH12 area

Changed to 10.185.14.131 instead of 10.0.166.70/71
Ignition
07-07-2004, 20:10
RM14 area

If you're running ultra-tight firewall rules (to prevent DHCP spoofing), then you may fall foul.

Now 10.185.6.129 - WAS 10.0.106.70-71

Are they still doubled, and if so, is the other one 128 or 130 ?

The other one would be .130 sir :)
Matth
07-07-2004, 20:43
Thanks, from the look of it, 10.185.x.x would do (and 10.0.x.x for the old ones) unless spoofed source addresses are likely - and in that case, they could spoof the RIGHT source address anyway - like everything, it's a compromise - if you hamstring everying with really tight rules, then you have to keep correcting them.
BBKing
08-07-2004, 08:25
10.185.x.x is a fairly big range - I run a bunch of kit on it, so if you want to put it in your firewalls it's all right by me. :)

I think there ought to be a list made of all the new DHCPs and you can pick your local area (they're in logical groups).
Matth
08-07-2004, 16:26
10.185.x.x is a fairly big range - I run a bunch of kit on it, so if you want to put it in your firewalls it's all right by me. :)

I think there ought to be a list made of all the new DHCPs and you can pick your local area (they're in logical groups).
But YOUR private 10.x range should not be routing to anywhere else, as anything that leaves your broadband router, should have a public source address.

You COULD spoof a private IP source address on a sent packet, but there would be no way of getting a reply.

Especially with the significance of the 10.x range in the NTL network, I would hope that they have border controls against spoofed packets.
BBKing
08-07-2004, 21:04
But YOUR private 10.x range should not be routing to anywhere else, as anything that leaves your broadband router, should have a public source address.

I was referring to my work network, not my home network. I'm very possessive about it :)
Paul
08-07-2004, 22:51
I think there ought to be a list made of all the new DHCPs and you can pick your local area (they're in logical groups).

If someone supplies it - I will stick it in the knowledgebase. :)