FW: testing for IP address space leakage in NAT systems


I use a firewall filter, but you can throw up a filter to check for
them.  I also check for outgoing and incoming leakage:

On my Cisco I do this.

Access lists:
access-list 101 deny   ip mynetwork any log-input
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log-input
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log-input
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log-input
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log-input
access-list 101 permit ip any any
access-list 102 permit ip mynetwork any
access-list 102 deny   ip any any log

On WAN interfaces:
 ip access-group 101 in
 ip access-group 102 out

You can accomplish these filters with any firewall using similar rules.



I was wondering if anyone knows of a method to test a NAT system for
address space leakage.

Thanks.

--Bob
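As an added illustration (not part of the original mailing-list post), the following Python models the two access lists above with IOS first-match semantics and runs constructed sample packets through them to show which sources each filter would drop and log. It assumes "mynetwork" is the documentation range 203.0.113.0/24, and the packet list is constructed.

```python
import ipaddress

# Assumption: the page's "mynetwork" placeholder stands for 203.0.113.0/24.
MYNETWORK = "203.0.113.0 0.0.0.255"

# Inbound on the WAN interface: our own space and RFC1918/loopback space
# must never arrive from the outside (spoofed or leaked by a peer's NAT).
ACL_101_IN = [
    ("deny", MYNETWORK),
    ("deny", "127.0.0.0 0.255.255.255"),
    ("deny", "10.0.0.0 0.255.255.255"),
    ("deny", "172.16.0.0 0.15.255.255"),
    ("deny", "192.168.0.0 0.0.255.255"),
    ("permit", "any"),
]
# Outbound on the WAN interface: only our own public space may leave;
# any other source (e.g. an un-translated private address) is leakage.
ACL_102_OUT = [
    ("permit", MYNETWORK),
    ("deny", "any"),
]

def wildcard_to_network(spec):
    """Turn a Cisco 'address wildcard' pair (or 'any') into an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    # A Cisco wildcard mask is an inverted netmask: 0 bits must match.
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def evaluate(acl, src_ip):
    """IOS first-match semantics: the first matching entry decides; an
    unmatched packet hits the implicit deny at the end of the list."""
    src = ipaddress.ip_address(src_ip)
    for action, spec in acl:
        if src in wildcard_to_network(spec):
            return action
    return "deny"

def check_leakage(packets):
    """packets: list of (direction, src_ip). Returns the packets the
    filters would drop; with a healthy NAT, no 'out' packet should appear."""
    dropped = []
    for direction, src_ip in packets:
        acl = ACL_101_IN if direction == "in" else ACL_102_OUT
        if evaluate(acl, src_ip) == "deny":
            dropped.append((direction, src_ip))
    return dropped

if __name__ == "__main__":
    # Constructed sample traffic: one leaked private source going out.
    print(check_leakage([("out", "192.168.1.10"), ("out", "203.0.113.5"),
                         ("in", "10.1.2.3"), ("in", "198.51.100.7")]))
```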

