Re: 192.168.x.x oddities

From: Ranjeet Shetye (ranjeet.shetye2_at_zultys.com)
Date: 06/17/04

    Date: Thu, 17 Jun 2004 13:33:47 -0700
    To: security-basics@securityfocus.com
    
    

    * Nathaniel Hall (halln@otc.edu) wrote:
    > A common misconception is that the 10.0.0.0, 172.16.0.0 and 192.168.0.0
    > networks are non-routable. This is NOT true. Most routers are set up to not
    > route the addresses, but they can be routed.

    To be very precise, RFC 1918 addresses are not *publicly* routable. They
    are privately routable, e.g. routing such packets between Engineering and
    Testing within a company, where all addresses are RFC 1918 addresses.

    >
    > Your problem could be this or it could be that a system is mis-configured
    > and is just trying to figure out where it can go.
    >
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~
    > Nathaniel Hall
    > Intrusion Detection and Firewall Technician
    > Ozarks Technical Community College -- Office of Computer Networking
    > 417-799-0552
    >
    > -----Original Message-----
    > From: Jimmy Brokaw [mailto:hedgie@hedgie.com]
    > Sent: Monday, June 14, 2004 4:49 PM
    > To: security-basics@securityfocus.com
    > Subject: 192.168.x.x oddities
    >
    > This seems like a stupid question from a non-guru like me, but I've asked
    > a couple of the "gurus" I know and gotten nothing but strange looks.
    >
    > I run a small network at home, using a wireless router to connect to a
    > cable modem. My internal IPs all fall in the 192.168.0.x range, which is
    > the only address-space the router is configured to support. I've got
    > authentication and logging, so before anyone says "I bet it's a neighbor
    > using your connection," I've verified nobody else is logging in.
    >
    > My understanding is that the entire 192.168.x.x range is for internal
    > networks only (RFC 1918), and unrouteable on the Internet. When I run the
    > following command, however, I can see several computers:
    >
    > [computer]$ nmap 192.168.*.* -sP
    >
    > I get what looks like four computers (in addition to mine), plus some x.0
    > and x.255 addresses responding to the pings. I picked one at random, and
    > it appears to belong to my ISP. Doing a traceroute, I found the packet
    > reached its destination at a public (routeable) address, indicating to me
    > the machine has two addresses on the same interface. RFC 1918 states:
    >
    > One might be tempted to have both public and private addresses on the
    > same physical medium. While this is possible, there are pitfalls to
    > such a design (note that the pitfalls have nothing to do with the use
    > of private addresses, but are due to the presence of multiple IP
    > subnets on a common Data Link subnetwork). We advise caution when
    > proceeding in this area.
    >
    > Am I therefore correct in my assumption that the ISP is routing my pings
    > onto their internal network? Is this a normal response? It seems like
    > there ought to be security concerns here, but I can't nail them down,
    > except the assumption that traffic destined for 192.168.x.x addresses may
    > not be filtered as well (or at all), since it may be assumed it originated
    > from within the internal network.
    >
    >
    >
    >
    > --
    > \\\\\ hedgie@hedgie.com
    > \\\\\\\__o Bringing hedgehogs to the common folk since 1994.
    > __\\\\\\\'/________________________________________________________
    >
    > Visit http://www.hedgie.com for information on my latest book,
    > "Waiting for War," published by Aventine Press!
    >
    > ---------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    > any course! All of our class sizes are guaranteed to be 10 students or less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab. Master the
    > skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > ----------------------------------------------------------------------------

    -- 
    Ranjeet Shetye
    Senior Software Engineer
    Zultys Technologies
    Ranjeet dot Shetye at Zultys dot com
    http://www.zultys.com/
     
    The views, opinions, and judgements expressed in this message are solely those of
    the author. The message contents have not been reviewed or approved by Zultys.
    

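As an added illustration of the distinction drawn in this reply (this is example code, not part of the thread): given the hosts that answered a ping sweep of 192.168.0.0/16 and the one subnet the home router actually serves (192.168.0.0/24, as in the original post), label each responder so the off-LAN private addresses, which can only have been forwarded upstream, stand out for investigation. The responder list and traceroute hops are constructed sample data; the .0/.255 check assumes /24 subnets.

```python
import ipaddress
from typing import Dict, List

# The three RFC 1918 blocks discussed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in any RFC 1918 private block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify_sweep(responders: List[str], local_lan: str) -> Dict[str, str]:
    """Label each host that answered the sweep.

    local_lan is the only subnet the home router is configured for. Any
    other RFC 1918 address that answers must have been forwarded past that
    router, i.e. the upstream provider is routing private space.
    """
    lan = ipaddress.ip_network(local_lan)
    labels = {}
    for host in responders:
        ip = ipaddress.ip_address(host)
        if ip in lan:
            labels[host] = "local-lan"
        elif not is_rfc1918(host):
            labels[host] = "public"
        else:
            # Assumed /24: a .0 or .255 reply is a network/broadcast address
            # answering a directed ping, the "x.0 and x.255" the poster saw.
            block = ipaddress.ip_network(f"{host}/24", strict=False)
            if ip in (block.network_address, block.broadcast_address):
                labels[host] = "off-lan-private-net-or-broadcast"
            else:
                labels[host] = "off-lan-private"
    return labels


def hosts_to_investigate(labels: Dict[str, str]) -> List[str]:
    """Off-LAN private responders, sorted numerically."""
    return sorted((h for h, c in labels.items() if c.startswith("off-lan")),
                  key=ipaddress.ip_address)


def path_leaves_lan(hops: List[str], local_lan: str) -> bool:
    """True if a traceroute path has any hop outside the home subnet."""
    lan = ipaddress.ip_network(local_lan)
    return any(ipaddress.ip_address(h) not in lan for h in hops)


# Constructed sample sweep results and traceroute hops (not from the thread).
SAMPLE_RESPONDERS = ["192.168.0.1", "192.168.0.10", "192.168.5.0",
                     "192.168.5.20", "192.168.77.255", "192.168.200.14"]
SAMPLE_HOPS = ["192.168.0.1", "10.20.0.1", "203.0.113.7"]
```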
