Re: 192.168.x.x oddities
JGrimshaw_at_ASAP.com
Date: 06/15/04
- Previous message: Maximiliano Bertacchini: "Re: SSH"
- In reply to: Jimmy Brokaw: "192.168.x.x oddities"
- Next in thread: Nathaniel Hall: "RE: 192.168.x.x oddities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: hedgie@hedgie.com Date: Tue, 15 Jun 2004 14:04:38 -0500
I once had a heck of a time connecting to a server of mine at home, which
had the address 172.20.10.10. I could ping until I was blue in the
face--it always came back. But I couldn't connect to the share, couldn't
remote control it, nothing. The machine that I was on had a 192.168.1.x
address, randomly assigned via DHCP (I have a few subnets for playing
around in).
When I went to the server to see if I could connect to a share on the
client, I discovered the server was not even turned on!
I did a trace route from the client and indeed, it went about 7 hops along
inside my cable provider's network before coming to a halt--showing me a
myriad of private networks on the way to the finish.
So it is quite possible that your ISP has private networking enabled.
Likely some of the addresses are what your cable modem/adsl modem receives
it's TFTP connection from upon power up.
"Jimmy Brokaw" <hedgie@hedgie.com>
06/14/2004 04:48 PM
Please respond to
hedgie@hedgie.com
To
security-basics@securityfocus.com
cc
Subject
192.168.x.x oddities
This seems like a stupid question from a non-guru like me, but I've asked
a couple of the "gurus" I know and gotten nothing but strange looks.
I run a small network at home, using a wireless router to connect to a
cable modem. My internal IPs all fall in the 192.168.0.x range, which is
the only address-space the router is configured to support. I've got
authentication and logging, so before anyone says "I bet it's a neighbor
using your connection," I've verified nobody else is logging in.
My understanding is that the entire 192.168.x.x range is for internal
networks only (RFC 1918), and unrouteable on the Internet. When I run the
following command, however, I can see several computers:
[computer]$ nmap 192.168.*.* -sP
I get what looks like four computers (in addition to mine), plus some x.0
and x.255 addresses responding to the pings. I picked one at random, and
it appears to belong to my ISP. Doing a traceroute, I found the packet
reached its destination at a public (routeable) address, indicating to me
the machine has two addresses on the same interface. RFC 1918 states:
One might be tempted to have both public and private addresses on the
same physical medium. While this is possible, there are pitfalls to
such a design (note that the pitfalls have nothing to do with the use
of private addresses, but are due to the presence of multiple IP
subnets on a common Data Link subnetwork). We advise caution when
proceeding in this area.
Am I therefore correct in my assumption that the ISP is routing my pings
onto their internal network? Is this a normal response? It seems like
there ought to be security concerns here, but I can't nail them down,
except the assumption that traffic destined for 192.168.x.x addresses may
not be filtered as well (or at all), since it may be assumed it originated
from within the internal network.
-- \\\\\ hedgie@hedgie.com \\\\\\\__o Bringing hedgehogs to the common folk since 1994. __\\\\\\\'/________________________________________________________ Visit http://www.hedgie.com for information on my latest book, "Waiting for War," published by Aventine Press! --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
- Previous message: Maximiliano Bertacchini: "Re: SSH"
- In reply to: Jimmy Brokaw: "192.168.x.x oddities"
- Next in thread: Nathaniel Hall: "RE: 192.168.x.x oddities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
