RE: Questions about 192.168

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 07/08/03

  • Next message: D. Weiss: "RE: Questions about 192.168"
    To: <security-basics@securityfocus.com>
    Date: Tue, 8 Jul 2003 12:59:22 -0700
    
    

    > Since 192.168 is a non-routable IP (ie: won't reach the
    > Internet), it's
    > no real surprise that nothing answered you from 100 subnet.
    >
    > Unless you are running several computers, connected to a single
    > hub/switch, with IP addresses of 192.168.100.xxx, you will not reach
    > anything.
     
      You'll be able to "reach" a lot of things, but since they can't
    get an answer back to you, the TCP handshake will fail.
     
    > There should be no way that a traceroute from an internal IP address
    > should go through an external IP and back to an internal IP.
    >
    > Is your NIC configured with both an internal and external IP?
     
      In order to get back answers to you, your outbound traceroute
    requests will need a public IP address as source if they go beyond
    your enterprise network. NAT can take care of that.
      Some of the answers may come from devices which are part of
    networks that also use RFC1918 addresses. Unless they implement
    NAT at their borders -- NOT a good idea for long-haul bandwidth
    providers! -- you will see these addresses listed in the traceroute.
      That does NOT mean that you can talk directly to those devices
    using those addresses....
     
     
    > jim: 3. I recently checked my firewall (Network ICE), and
    > noticed an attack
    > jim: from this IP: 192.168.1.113. I tried to ping the
    > attacking IP, but no
    > jim: response. The attack details were these:
    > jim: TCP OS Fingerprint, and then FTP Port Probe. Does this
    > make any sense?
    > jim: How can someone use a supposedly local IP (192.168) to
    > attack me?
    > jim: (Cable modem with 2 computers hooked up).
    >
    > Spoofed source IP address.
     
      Not even.

      But note that it's possible to do damage with a single ICMP or
    UDP packet (e.g. Slammer...). If the attacker doesn't need to
    get an answer back, there's no need for the source address to be
    valid/reachable.
     
    >
    > As mentioned above, the class "B" 192.168.xxx.yyy IPs and class
    > "A" 10.xxx.yyy.zzz IPs (as well as a class "C" set of IP addresses)
    > are not routable.

    1. 192.168.x.x *is* Class "C". The class B range is 172.16.x.x
    through 172.31.x.x.

    2. "not routable" is a very misleading term, because it's perfectly
    legal to implement routing for them between subnets within an enterprise
    network.
      What's NOT legal is to broadcast these routes to the global Internet,
    where they would conflict with every other enterprise that also uses
    them.

    David Gillett
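    The two checks a reader of this thread actually wants to run, as an added example that is not part of the original post or of any tool it names: classify an address by RFC 1918 block (and by the legacy class its first octet falls in, which is the point of correction 1 above), pull the private-address hops out of a traceroute (the situation described under "Some of the answers may come from devices..."), and give a verdict for a private source address seen on an Internet-facing interface (the 192.168.1.113 "attack"). The traceroute text and the function names are constructed for the example; the public hops use documentation addresses (203.0.113.0/24, 198.51.100.0/24).

```python
import ipaddress
import re

# The three RFC 1918 blocks. 10/8 sits in legacy Class A space,
# 172.16/12 in Class B space and 192.168/16 in Class C space.
RFC1918_BLOCKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def legacy_class(addr):
    """Classful designation from the first octet (pre-CIDR, historical only)."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    return "D/E"


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr (as a string), or None."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918_BLOCKS:
        if ip in net:
            return str(net)
    return None


# Matches "<hop>  <ipv4>" at the start of a traceroute line; timeouts
# ("* * *") and the banner line do not match and are skipped.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def private_hops(traceroute_output):
    """Return (hop, address, block) for every hop answering from RFC 1918 space.

    Such a hop belongs to a network that numbers its transit links from
    private space without NAT at its border: the address shows up in the
    ICMP reply, but you cannot talk to the device directly at that address.
    """
    found = []
    for line in traceroute_output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        hop, ip = int(m.group(1)), m.group(2)
        block = rfc1918_block(ip)
        if block is not None:
            found.append((hop, ip, block))
    return found


def assess_external_source(src_ip):
    """Verdict for a packet whose source was seen on an Internet-facing interface."""
    block = rfc1918_block(src_ip)
    if block is None:
        return "public source"
    # A single UDP/ICMP packet needs no reply, so the source need not be
    # real; and even if a host really has this address, no reply to it can
    # be routed back across the Internet (so a ping to it cannot succeed).
    return ("private source in %s: spoofed, or a host on the same upstream "
            "segment; unreachable from the Internet, expect no ping reply" % block)


# Constructed sample traceroute output (not a real capture).
SAMPLE_TRACEROUTE = """\
traceroute to 198.51.100.77 (198.51.100.77), 30 hops max
 1  192.168.1.1      0.412 ms
 2  10.20.30.1       8.103 ms
 3  203.0.113.5     12.337 ms
 4  * * *
 5  172.20.0.9      20.118 ms
 6  198.51.100.77   25.004 ms
"""

if __name__ == "__main__":
    for hop, ip, block in private_hops(SAMPLE_TRACEROUTE):
        print("hop %d: %s is in %s (class %s space)"
              % (hop, ip, block, legacy_class(ip)))
    print(assess_external_source("192.168.1.113"))
```

    Running it lists hops 1, 2 and 5 as private (192.168/16, 10/8 and 172.16/12 respectively) and reports the 192.168.1.113 source as private space that cannot be reached from the Internet. Note that 172.20.0.9 is private because it falls inside 172.16.0.0/12 (172.16 through 172.31), while 172.32.0.1 is not; the /12 boundary is the part people most often get wrong when hand-checking.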


