[olug] DNS lookups lagging?
Sam Tetherow
tetherow at shwisp.net
Wed Aug 27 20:13:44 UTC 2008
These can come from a couple of places. People really do plug stuff in
backwards especially if it stops working for some reason. They unplug
stuff, plug it back in and then decide they need to call, usually a
couple of days later. Meanwhile they are spewing private IP all over.
Another problem is cheap routers will leak. Usually a power cycle will
fix them most likely it is memory corruption from too many ARP records.
Sam Tetherow
Sandhills Wireless
Rob Townley wrote:
> i like NAT as well, but have always had concerns about leakage. Most of us
> probably have the following:
> internet <> CableModem <> NAT <> servers and workstations
>
> 192.168.*.* is not supposed to be leaked out of your router, but then how is
> it that we can ping and open 192.168.100.1 which is the web page of the
> Cable Modem? Ever done a packet capture on a hub connecting your NAT's WAN
> port and Cable Modem? There can be tons of leaked private addresses. A
> long time ago on cox at home connection, would have all sorts of 192.168.*.*
> that must be your neighbors or cox infrastructure.
>
> On Tue, Aug 26, 2008 at 11:50 PM, DYNATRON tech <dynatron at gmail.com> wrote:
>
>
>> my router's firewall works just fine.
>> just in case, i also set my toaster's gateway address to 127.0.0.1
>>
>>
>>
>> On 8/26/08, Will Langford <unfies at gmail.com> wrote:
>>
>>>> NAPT is not supposed to "protect" you in any way. It's just a hack to
>>>> workaround the limitations of the small IPv4 address space. It would be
>>>> perfectly valid for a NAPT router to attempt to automate port
>>>>
>> forwarding
>>
>>> by
>>>
>>>> passing on an unknown port to *all* systems and giving it to the first
>>>>
>> to
>>
>>>> ACK
>>>> it-- which means Nigerians could still get to your toaster without a
>>>>
>>> proper
>>>
>>>> firewall in place.
>>>>
>>>>
>>> As a quick shrink wrap solution that works for 90-95% of ppl, nat/masq
>>>
>> does
>>
>>> great as a firewall deal .
>>>
>>> When everything gets globally aware, I sincerely hope they do something
>>> more along the lines of a universal home server that everything talks to
>>> (or
>>> similar)... I'd rather secure one device than hundreds. Who's going to
>>> provide that single server ? Hah, would I like to be the one :). $$$$!!!
>>>
>>> -Will
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>>
>>
>> --
>> dynatron digital services
>> box 191 - 68037
>> www.dynatron.org
>> dynatron at gmail.com
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
>>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list