Mark writes:

> The Internet has no way of knowing that you own 10.251.46.xxx, so the tech
>  couldn't have accessed your private addresses from the outside world.
>
>  What possibly happened is maybe the tech telnetted and logged on to your
>  router, if he has the password to do that, and from there was able to
>  telnet/ping to your internal network.

Exactly so. I meant to write the same thing that Mark has just written, if I
had gotten the time, but with the small addendum that the tech's idea of a
firewall on your internal LAN is nonsense.

Internally, you presume your users are to be trusted. Externally, your
private address space IP addresses that constitute your LAN are invisible to
the rest of the world (indeed, they're not even unique to you; thousands of
sites can be using exactly the same addresses).

If you let someone through your router because he has the passwords, then
you've made him a trusted member of your family of users. Otherwise, he could
never see your printers.

Wirt Atmar