FW: Questions about 192.168

From: check (check_at_wescom.org)
Date: 07/09/03

  • Next message: Myers, Marvin: "RE: Wireless Networking"
    To: "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
    Date: Tue, 8 Jul 2003 16:56:32 -0700 
    
    

    -----Original Message-----
    From: David Gillett [mailto:gillettdavid@fhda.edu]
    Sent: Tuesday, July 08, 2003 12:59 PM
    To: security-basics@securityfocus.com
    Subject: RE: Questions about 192.168

    > Since 192.168 is a non-routable IP (ie: won't reach the
    > Internet), it's
    > no real surprise that nothing answered you from 100 subnet.
    >
    > Unless you are running several computers, connected to a single
    > hub/switch, with IP addresses of 192.168.100.xxx, you will not reach
    > anything.
     
      You'll be able to "reach" a lot of things, but since they can't get an
    answer back to you, the TCP handshake will fail.
     
    > There should be no way that a traceroute from an internal IP address
    > should go through an external IP and back to an internal IP.
    >
    > Is your NIC configured with both an internal and external IP?
     
      In order to get back answers to you, your outbound traceroute
    requests will need a public IP address as source if they go beyond your
    enterprise network. NAT can take care of that.
      Some of the answers may come from devices which are part of networks that
    also use RFC1918 addresses. Unless they implement NAT at their borders --
    NOT a good idea for long-haul bandwidth providers! -- you will see these
    addresses listed in the traceroute.
      That does NOT mean that you can talk directly to those devices using those
    addresses....
     
     
    > jim: 3. I recently checked my firewall (Network ICE), and
    > noticed an attack
    > jim: from this IP: 192.168.1.113. I tried to ping the
    > attacking IP, but no
    > jim: response. The attack details were these:
    > jim: TCP OS Fingerprint, and then FTP Port Probe. Does this
    > make any sense?
    > jim: How can someone use a supposedly local IP (192.168) to
    > attack me?
    > jim: (Cable modem with 2 computers hooked up).
    >
    > Spoofed source IP address.
     
      Not even.

      But note that it's possible to do damage with a single ICMP or UDP packet
    (e.g. Slammer...). If the attacker doesn't need to get an answer back,
    there's no need for the source address to be valid/reachable.
     
    >
    > As mentioned above, the class "B" 192.168.xxx.yyy IPs and class "A"
    > 10.xxx.yyy.zzz IPs (as well as a class "C" set of IP addresses) are
    > not routable.

    1. 192.168.x.x *is* Class "C". The class B range is 172.16.x.x through
    172.31.x.x.

    2. "not routable" is a very misleading term, because it's perfectly legal
    to implement routing for them between subnets within an enterprise
    network.
      What's NOT legal is to broadcast these routes to the global Internet,
    where they would conflict with every other enterprise that also uses them.

    David Gillett

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant, while
    InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------

    **********************************************************************
    This email and any files transmitted with it are confidential
    and intended solely for the use of the individual or entity to
    whom they are addressed. If you have received this email
    in error, please delete it immediately and advise the sender.
    WESCOM CREDIT UNION (626) 535-1000
    **********************************************************************

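As an added illustration of the points made in David Gillett's reply (this is example code written for this page, not code posted by anyone in the thread), the Python below does three things: it derives the historical class of an address from its first octet (so 192.168/16 comes out as class C and 172.16/12 as class B), it labels RFC 1918 hops in a traceroute as either the local gateway or a provider-internal router that will answer ICMP but cannot be addressed directly from outside, and it applies the ingress check a border firewall should apply to a packet that arrives on the WAN side claiming a 192.168 source. The sample traceroute hops and log lines are constructed for the example; the "public" addresses in them are taken from the documentation ranges, and the log line format is an assumption of this example, not the Network ICE format.

```python
"""Helpers for the RFC 1918 points made in the thread above.

Added example, not code from the original posts. The traceroute hops and
firewall log lines below are constructed for illustration.
"""
import ipaddress

# The three RFC 1918 blocks. Their classful sizes: 10/8 is one class A
# network, 172.16/12 is sixteen class B networks, and 192.168/16 is 256
# class C networks. The first octet, not the prefix length, decides the class.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful_class(addr: str) -> str:
    """Return the historical class (A-E) of an IPv4 address from its first octet."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def rfc1918_block(addr: str):
    """Return the RFC 1918 block containing addr (as a string), or None."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip in net:
            return str(net)
    return None


def annotate_traceroute(hops):
    """Label each (hop_number, responding_address) pair.

    An RFC 1918 address past the first hop is almost always a provider-internal
    router: it answered with ICMP, but it cannot be addressed directly from here
    because those prefixes are never advertised into the global routing table.
    """
    out = []
    for n, addr in hops:
        block = rfc1918_block(addr)
        if block is None:
            out.append((n, addr, "public"))
        elif n == 1:
            out.append((n, addr, "local gateway (%s)" % block))
        else:
            out.append((n, addr,
                        "provider-internal %s hop; not directly reachable" % block))
    return out


def ingress_filter(lines):
    """Apply a BCP 38-style source check to constructed firewall log lines.

    Line format (assumed for this example): '<iface> <src> -> <dst> <proto>/<port>'.
    A packet arriving on the WAN side with an RFC 1918 source is either spoofed
    or leaked from someone else's LAN; it cannot be answered, so drop it.
    """
    decisions = []
    for line in lines:
        iface, src, _arrow, dst, service = line.split()
        block = rfc1918_block(src)
        if iface == "wan" and block is not None:
            decisions.append((src, "drop", "RFC 1918 source %s on WAN" % block))
        else:
            decisions.append((src, "accept", "%s to %s" % (service, dst)))
    return decisions


# Constructed sample data: a home LAN gateway, one provider router using
# 10/8 internally, then a public hop; and a firewall log with the kind of
# 192.168.1.113 "attack" described in the thread.
SAMPLE_TRACE = [(1, "192.168.0.1"), (2, "10.20.30.1"), (3, "198.51.100.7")]
SAMPLE_LOG = [
    "wan 192.168.1.113 -> 203.0.113.9 tcp/21",
    "wan 198.51.100.20 -> 203.0.113.9 tcp/80",
    "lan 192.168.1.5 -> 203.0.113.9 tcp/443",
]

if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.0.1", "192.168.1.113"):
        print(addr, "class", classful_class(addr), "block", rfc1918_block(addr))
    for hop in annotate_traceroute(SAMPLE_TRACE):
        print(*hop)
    for decision in ingress_filter(SAMPLE_LOG):
        print(*decision)
```

The filter deliberately keys on the interface and not only on the address: the same 192.168.1.113 source is perfectly legitimate on the LAN side, which is exactly why "non-routable" is the wrong word and "not advertised to the Internet" is the right one.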

