Private IP RFC1918 packets allowed to leak out

  • I stumbled upon this thinking I was scanning my own network, only to find my scan was run against someone's Cisco far, far away.  My LAN uses a /24 network from the 10/8 range.  I scanned a single IP address with only the 3rd octet different.  (Not in my network, but close.)

    The scan went out through my pfSense firewall and discovered someone else's router.  I tracerouted it and it's 5 hops away, through my ISP.

    Anyway, I still have the 2 default rules in my firewall set blocking private IP space.  Any idea how these packets got out?

  • Wow, your ISP shouldn't route RFC1918 space anywhere. Apparently they use it inside their network, likely one of their routers you were hitting.

    The "block private networks" rule only applies to the WAN interface, and only to traffic initiated from outside. If you want to keep RFC1918 packets from going out, put deny rules on your LAN as well.

    WAN rules, and the "block private networks" feature, only apply to traffic initiated from the Internet. This traffic was initiated from your LAN, and your LAN rules allowed it.
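To make the point of the reply concrete, here is a small rule evaluator written for this page (it is not pfSense code and not from either poster). It models pfSense's first-match semantics on the interface where a packet enters the firewall: the stock "Block private networks" rule is bound to WAN inbound, so it never sees a packet that enters on LAN. The LAN subnet 10.0.5.0/24, the scan target 10.0.6.1 and the public addresses are constructed values (the post only says "a /24 from 10/8" with a differing third octet). The hardened ruleset adds the LAN-side egress deny the reply recommends, with a pass for the LAN's own subnet ahead of it so access to the firewall's LAN address is kept.

```python
"""Toy model of pfSense rule evaluation, to show why the WAN-side
'Block private networks' rule does not stop RFC1918 packets leaving via LAN."""
import ipaddress
from dataclasses import dataclass, field

# RFC1918 private address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed example LAN (the post only says "a /24 from the 10/8 range").
LAN_NET = ipaddress.ip_network("10.0.5.0/24")


@dataclass
class Rule:
    iface: str                         # interface the rule is bound to ("wan" / "lan")
    action: str                        # "pass" or "block"
    src: list = field(default_factory=list)   # source networks; empty list = any
    dst: list = field(default_factory=list)   # destination networks; empty list = any


@dataclass
class Packet:
    iface: str   # interface on which the packet ENTERS the firewall
    src: str
    dst: str


def _match(nets, ip):
    """Empty network list means 'any'."""
    return not nets or any(ip in n for n in nets)


def evaluate(rules, pkt, default="block"):
    """First matching rule on the packet's ingress interface wins (pfSense 'quick');
    no match falls through to the implicit default deny."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for r in rules:
        if r.iface == pkt.iface and _match(r.src, src) and _match(r.dst, dst):
            return r.action
    return default


# Roughly the out-of-the-box pfSense ruleset: private/bogon sources blocked on WAN,
# and the default "LAN to any" pass rule.
DEFAULT_RULES = [
    Rule("wan", "block", src=RFC1918),        # "Block private networks" (WAN inbound only)
    Rule("lan", "pass", src=[LAN_NET]),       # default allow LAN -> any
]

# Hardened ruleset: same WAN rule, plus an egress filter on LAN. The pass for the
# LAN's own subnet comes first so hosts can still reach the firewall's LAN address.
HARDENED_RULES = [
    Rule("wan", "block", src=RFC1918),
    Rule("lan", "pass", src=[LAN_NET], dst=[LAN_NET]),   # keep local traffic working
    Rule("lan", "block", src=[LAN_NET], dst=RFC1918),    # stop RFC1918 leaking out
    Rule("lan", "pass", src=[LAN_NET]),                  # everything else -> Internet
]

# Constructed packets: the stray scan (third octet differs), a normal Internet flow,
# and an inbound WAN packet with a private source. 198.51.100.0/24 and 203.0.113.0/24
# are documentation ranges used here as stand-ins for public addresses.
SCAN = Packet("lan", "10.0.5.20", "10.0.6.1")
INTERNET = Packet("lan", "10.0.5.20", "198.51.100.7")
WAN_PRIVATE_SRC = Packet("wan", "10.20.30.40", "203.0.113.5")


def audit(rules):
    """Return the verdict for each constructed packet under the given ruleset."""
    return {
        "scan_to_10.0.6.1": evaluate(rules, SCAN),
        "lan_to_internet": evaluate(rules, INTERNET),
        "wan_private_src": evaluate(rules, WAN_PRIVATE_SRC),
    }


if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules))
```

Under the default rules the scan packet is passed (the WAN block rule never evaluates it, because it entered on LAN), which is exactly the leak the original poster saw; only the LAN-side deny in the hardened set turns that verdict into a block, while ordinary Internet-bound traffic and the WAN inbound block are unchanged.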
