
Re: Logging into mike




Hi Robert,

It just isn't the case that ALL non-routable addresses have that
form. The 10.xxx.xxx.xxx and 192.168.xxx.xxx are of that form and
so are the 172.xxx.xxx.xxx's.

Cheers,
Doug

On Mon, 20 Dec 2004, Robert J. Bradbury wrote:

> 
> On Mon, 20 Dec 2004, Doug Welch wrote:
> 
> > You would think this, but you would be wrong. Earthlink seems to
> > run their DSL over a non-routable address which the router sees.
> > (One of those 172.xxx.xxx.xxx addresses.) So the router doesn't know
> > the true external IP.
> 
> Oh boy, now this gets messy...
> 
> First of all, the non-routable addresses are of the form...
>    192.168.X.Y
> *All* TASS systems which do not need to have internet access
> should have assigned IP addresses in this range -- this is
> to avoid the possibility of any security break-in attempts
> from reaching those systems.  Routers and operating systems
> do not route these addresses so they are never visible to
> the external world.
> 
> For example I will not connect any Microsoft based operating
> system (DOS, Windows, Win2K, etc.) to my LAN unless they have
> an assigned IP address in the range cited above because they
> are too insecure.
> 
> To determine the IP addresses of the systems on your network,
> you can use a program "nslookup".  This works both under Linux
> and DOS shells.  I.e. one types
>   nslookup
> one should get a '> ' prompt.  Then one types:
>   ls -d domain.com
> perhaps
>   ls -d tass.com          ????
> 
> (so for myself I type "ls -d aeiveos.com" and I get a list of
> all of the domain records for my systems).  For Tom's situation
> it depends whether he has one of his systems distributing the
> domain name information on his own systems or whether he is
> distributing domain name mappings (between a name like
> "mike.xxx.yyy" to ###.###.###.###) using his ISP.  Most ISPs
> (at least the better ones) allow you to select to allow the
> user to control the domain name mappings (from name to number).
> The less sophisticated ones require that you do this through their
> domain name mapping software [this may include Earthlink].
> 
> To a large extent this depends upon how many Version 4 IP addresses
> have been allocated to a specific ISP.  If they have a lot of
> addresses allocated they could grant someone like Tom 8, 16, 32, etc.
> of them and he could allocate them between his machines as he sees fit.
> If they do not have a lot of them (Earthlink???) then they will
> only grant him a single IP address and it will generally be assigned
> to his router and then one will have to go through a strange process
> known as Network Address Translation (NAT) to have the router match
> up various messages as coming from or being sent to specific machines.
> How this all works I am unsure.  This will change when the U.S. migrates
> from IPV4 (the primary current protocol here) to IPV6 (a more common
> protocol in Asia).  That process is taking place *slowly*.  At this
> time there is a shortage of IPV4 Internet addresses so convincing
> an ISP to give you a block of 8 that you can use may be difficult.
> 
> But the basic rules would be:
> a) Get control over a block of IP addresses;
> b) Change your ISP DNS config to do lookups on your machines rather than
>    their machines;
> c) Verify that your DNS lookup process is working correctly.
> 
> My 2 cents.
> Robert
> 
> 
> 
> 

-- 
==================================================================
 Douglas L Welch     | Res office/voicemail (905) 525-9140 x23186  
 Physics & Astronomy | FAX                  (905) 546-1252 
 McMaster University | 
 Hamilton, Ontario   | 
 Canada L8S 4M1      | E-mail           welch@physics.mcmaster.ca
==================================================================
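
Added example, not part of either message: a Python check of which IPv4 addresses fall inside the reserved private-use blocks (RFC 1918, plus the RFC 6598 shared range ISPs use for carrier-grade NAT), applied to the case in the thread where the router's own WAN-side address is non-routable. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Private-use IPv4 blocks (RFC 1918) and the shared carrier-grade NAT block
# (RFC 6598). Note that only 172.16.0.0 - 172.31.255.255 is reserved,
# not every address that starts with 172.
NON_ROUTABLE_BLOCKS = {
    "10.0.0.0/8": "RFC 1918",
    "172.16.0.0/12": "RFC 1918",
    "192.168.0.0/16": "RFC 1918",
    "100.64.0.0/10": "RFC 6598 (carrier-grade NAT)",
}
_NETWORKS = [(ipaddress.ip_network(cidr), cidr, source)
             for cidr, source in NON_ROUTABLE_BLOCKS.items()]


def classify(addr):
    """Return (cidr, source) for the reserved block holding addr, else None."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    if ip.version != 4:
        raise ValueError("this check covers IPv4 only")
    for network, cidr, source in _NETWORKS:
        if ip in network:
            return cidr, source
    return None


def router_knows_external_ip(wan_addr):
    """False when the WAN address is itself non-routable, i.e. the ISP is
    translating upstream and the router cannot report the true external IP."""
    return classify(wan_addr) is None


if __name__ == "__main__":
    # Constructed sample addresses, including the edges of the 172 block.
    samples = ["10.1.2.3", "192.168.1.10", "172.20.14.3", "172.15.255.255",
               "172.32.0.1", "192.169.0.1", "100.64.7.7"]
    for addr in samples:
        hit = classify(addr)
        label = "%s, %s" % hit if hit else "not in a reserved private block"
        print("%-16s %s" % (addr, label))
    print("WAN 172.20.14.3 -> router knows external IP:",
          router_knows_external_ip("172.20.14.3"))
```
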