Open source software security

Reserved IP Addresses

The 'reserved' address space is intended for internal LAN networks. These addresses will not route over the internet, so multiple computers across the internet can have the same address (although only one machine on a given LAN should have it). Since IP addresses in these ranges are never transmitted outside of the LAN, there is never any confusion as to who owns the address. For instance, your home machine might have the IP address 192.168.0.3, and your friend's home machine might also have that address.

This works because whatever uplink device you are using (cable modem, DSL, etc.) takes a working IP address, such as 133.45.68.12, and performs Network Address Translation (NAT) so that all the machines behind the device appear to be using that device's IP address. If you have two machines at home, one with the IP 192.168.0.2 and one with the IP 192.168.0.3, both machines will appear to send requests across the internet with the IP address held by the uplink device.

The device is actually assigned two addresses: one facing the internet (a legitimate one that routes externally) and an internal one that faces the home LAN and only routes internally. This is handy, since your device might have the IP 192.168.0.1, which won't route on the internet and so is only accessible from machines on the home LAN. In the same way, NAT provides a level of protection for the machines on the reserved IP address space, since the uplink device controls requests to those machines and typically will only allow requests that originate from within the LAN (so you can still surf the web, but a malicious external user can't connect to your Remote Desktop service).

TCP/IP addresses reserved for 'private' networks are:

10.0.0.0       to     10.255.255.255  -  Class A
172.16.0.0     to     172.31.255.255  -  Class B
192.168.0.0    to     192.168.255.255 -  Class C

These are invalid addresses on the internet. Routers don't route them.
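
Because these ranges should never appear as a source address on the internet-facing side of the uplink device, seeing one there points to spoofing or a misconfiguration. The following is an added example, not part of the original page: it checks addresses against the three ranges above and flags such entries in a constructed log whose format and interface names (`wan`, `lan`) are hypothetical.

```python
import ipaddress

# The three private ranges listed on this page, as (first, last, label).
PRIVATE_RANGES = [
    (ipaddress.IPv4Address("10.0.0.0"), ipaddress.IPv4Address("10.255.255.255"), "Class A"),
    (ipaddress.IPv4Address("172.16.0.0"), ipaddress.IPv4Address("172.31.255.255"), "Class B"),
    (ipaddress.IPv4Address("192.168.0.0"), ipaddress.IPv4Address("192.168.255.255"), "Class C"),
]

def private_range(addr):
    """Return the label of the private range containing addr, or None."""
    ip = ipaddress.IPv4Address(addr)
    for first, last, label in PRIVATE_RANGES:
        if first <= ip <= last:
            return label
    return None

# Constructed sample log: "<interface> <source> -> <destination>:<port>".
# The format and the interface names "wan"/"lan" are hypothetical.
SAMPLE_LOG = """\
wan 203.0.113.7 -> 133.45.68.12:443
wan 192.168.0.2 -> 133.45.68.12:3389
lan 192.168.0.3 -> 203.0.113.7:80
wan 172.32.0.1 -> 133.45.68.12:22
wan 172.31.255.255 -> 133.45.68.12:22
wan 10.1.2.3 -> 133.45.68.12:3389
wan not-an-ip -> 133.45.68.12:80
"""

def suspicious_wan_sources(log_text):
    """Find lines where a private source address shows up on the internet-facing side."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "wan":
            continue  # private sources on the LAN side are expected
        try:
            label = private_range(parts[1])
        except ipaddress.AddressValueError:
            continue  # skip malformed source fields
        if label:
            findings.append((parts[1], label))
    return findings

if __name__ == "__main__":
    for src, label in suspicious_wan_sources(SAMPLE_LOG):
        print(f"private source {src} ({label}) seen on WAN interface")
```

Note that 172.32.0.1 is not flagged: the second range ends at 172.31.255.255, so addresses just past that boundary are ordinary routable addresses.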