RE: Antwort: RFC 1911 IPs in my firewall logs

From: Mark McNally (mark.mcnally@aceinfo.net.au)
Date: 01/24/02 

Date: Thu, 24 Jan 2002 10:19:33 +1000
From: "Mark McNally" <mark.mcnally@aceinfo.net.au>
To: <balg@x-md.de>, <Carsten.Schuette@hitcon.de>

Only W2k and WinXP use 169.254.x.y if there is no DHCP server, Win9x
uses 192.168.*.

Mark

-----Original Message-----
From: balg@x-md.de [mailto:balg@x-md.de]
Sent: Tuesday, 22 January 2002 10:08 PM
To: Carsten.Schuette@hitcon.de
Cc: security-basics@securityfocus.com
Subject: RE: Antwort: RFC 1911 IPs in my firewall logs

No thats not entirely right because the Automatic Private IP Adressing
(APIPA) Feature of Windows uses Adresses in the Range 169.254.x.y

Andreas Balg
X-MD

-----Original Message-----
From: Carsten.Schuette [mailto:Carsten.Schuette@hitcon.de]
Sent: Saturday, January 19, 2002 1:42 PM
To: security-basics
Subject: Antwort: RFC 1911 IPs in my firewall logs

If I remember right, setting a NIC in Windows to DHCP and there is no
Server, the IP is set to something in 192.168.*. Maybe there is Winbox
near
You spamming the line?

Hello all,

Reviewing my home office firewall logs, I noticed an
entry in which someone tried to connect to my
external interface with an IP of 192.168.50.xx. I
assume it's a spoofed address, but I just don't know
how they got it to traverse the Internet? How can that
be routed?

Thanks.

HITCON AG
Carsten Schütte
Gartenstasse 208
48147 Münster
Telefon: 0251/2801-129
Telefax: 0251/2801-280
Mobil: 0170/6364-129
E-Mail: info@hitcon.de
Internet: http://www.hitcon.de