nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Public addresses on LAN?

mzinz

I recently encountered a business network that was using PUBLIC addresses on their LAN. Their router is handing out public addresses via DHCP. They do not own these addresses.

They are using NAT on their router.

Is this still considered bad? I mean, other than the low possibility of a routing problem (if the internal block they are using is the same as a server they try to access online), why is this a problem?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

hypnotoad

I guess if the ISP will route it, it can't be all the customer's fault.

Forsaken_GA

It'll only be a problem when they try to connect to something externally that has the same address as something internally. Everything else willl work because the router will NAT these to a proper public IP.

It's not unheard of, but it is really bad form. The ISP isn't at fault at all, they have no way of knowing how things are addressed behind the NAT. As long as the customer doesn't try to do something stupid like attempt to hijack the space by annoucing the routes themselves, the global routing community won't notice anything at all.

mzinz

Forsaken_GA wrote: »

It'll only be a problem when they try to connect to something externally that has the same address as something internally. Everything else willl work because the router will NAT these to a proper public IP.

It's not unheard of, but it is really bad form. The ISP isn't at fault at all, they have no way of knowing how things are addressed behind the NAT. As long as the customer doesn't try to do something stupid like attempt to hijack the space by annoucing the routes themselves, the global routing community won't notice anything at all.

Ok. Just wanted to make sure there was nothing I was missing.

keenon

LMAO .. I saw this at the last place i worked for they were using an entire class B internally. I tried hard to make them to use private ip addressing. It helped some but over all they did what they wanted. not a single contigous ip block in the most of the place