Re: 192.168.x.x oddities
From: Ranjeet Shetye (ranjeet.shetye2_at_zultys.com)
Date: 06/17/04
- Previous message: Tenorio, Leandro: "RE: Reconstructing network topology maps"
- In reply to: Nathaniel Hall: "RE: 192.168.x.x oddities"
- Next in thread: Shawn Jackson: "RE: 192.168.x.x oddities"
Date: Thu, 17 Jun 2004 13:33:47 -0700
To: security-basics@securityfocus.com
* Nathaniel Hall (halln@otc.edu) wrote:
> A common misconception is that the 10.0.0.0, 172.16.0.0 and 192.168.0.0
> networks are non-routable. This is NOT true. Most routers are set up to not
> route the addresses, but they can be routed.

To be very precise, RFC 1918 addresses are not *publicly* routable. They
are privately routable, e.g. routing such packets between Engineering and
Testing within a company, where all addresses are RFC 1918 addresses.

>
> Your problem could be this or it could be that a system is mis-configured
> and is just trying to figure out where it can go.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathaniel Hall
> Intrusion Detection and Firewall Technician
> Ozarks Technical Community College -- Office of Computer Networking
> 417-799-0552
>
> -----Original Message-----
> From: Jimmy Brokaw [mailto:hedgie@hedgie.com]
> Sent: Monday, June 14, 2004 4:49 PM
> To: security-basics@securityfocus.com
> Subject: 192.168.x.x oddities
>
> This seems like a stupid question from a non-guru like me, but I've asked
> a couple of the "gurus" I know and gotten nothing but strange looks.
>
> I run a small network at home, using a wireless router to connect to a
> cable modem. My internal IPs all fall in the 192.168.0.x range, which is
> the only address-space the router is configured to support. I've got
> authentication and logging, so before anyone says "I bet it's a neighbor
> using your connection," I've verified nobody else is logging in.
>
> My understanding is that the entire 192.168.x.x range is for internal
> networks only (RFC 1918), and unroutable on the Internet. When I run the
> following command, however, I can see several computers:
>
> [computer]$ nmap 192.168.*.* -sP
>
> I get what looks like four computers (in addition to mine), plus some x.0
> and x.255 addresses responding to the pings. I picked one at random, and
> it appears to belong to my ISP. Doing a traceroute, I found the packet
> reached its destination at a public (routable) address, indicating to me
> the machine has two addresses on the same interface. RFC 1918 states:
>
> One might be tempted to have both public and private addresses on the
> same physical medium. While this is possible, there are pitfalls to
> such a design (note that the pitfalls have nothing to do with the use
> of private addresses, but are due to the presence of multiple IP
> subnets on a common Data Link subnetwork). We advise caution when
> proceeding in this area.
>
> Am I therefore correct in my assumption that the ISP is routing my pings
> onto their internal network? Is this a normal response? It seems like
> there ought to be security concerns here, but I can't nail them down,
> except the assumption that traffic destined for 192.168.x.x addresses may
> not be filtered as well (or at all), since it may be assumed it originated
> from within the internal network.
>
>
>
>
> --
> \\\\\ hedgie@hedgie.com
> \\\\\\\__o Bringing hedgehogs to the common folk since 1994.
> __\\\\\\\'/________________________________________________________
>
> Visit http://www.hedgie.com for information on my latest book,
> "Waiting for War," published by Aventine Press!
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
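
The distinction drawn in this thread (RFC 1918 space is privately routable, so a sweep can reach hosts beyond your own subnet) can be checked mechanically. The following is an added example, not part of the original messages: it sorts ping-sweep responders into on-link, off-link private, and public, and lists the public hops on a path to a private destination. The responder and hop lists are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# The three RFC 1918 blocks. ipaddress.is_private is broader (loopback,
# link-local, ...), so the blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify_responders(responders, local_subnet):
    """Sort sweep responders by where they sit relative to the local LAN.

    off_link_private entries are RFC 1918 addresses outside local_subnet:
    the only way to reach them is through the gateway, so something
    upstream is routing private address space.
    """
    lan = ipaddress.ip_network(local_subnet)
    result = {"on_link": [], "off_link_private": [], "public": []}
    for addr in responders:
        if ipaddress.ip_address(addr) in lan:
            result["on_link"].append(addr)
        elif is_rfc1918(addr):
            result["off_link_private"].append(addr)
        else:
            result["public"].append(addr)
    return result


def public_hops(hops):
    """Hops on a traced path that are not RFC 1918 addresses."""
    return [h for h in hops if not is_rfc1918(h)]


if __name__ == "__main__":
    # Constructed sample data: a 192.168.0.0/24 home LAN and a sweep of
    # 192.168.0.0/16 that drew replies from outside that /24.
    sweep = ["192.168.0.1", "192.168.0.23", "192.168.1.0",
             "192.168.100.1", "192.168.7.255"]
    print(classify_responders(sweep, "192.168.0.0/24"))
    # Constructed path to 192.168.100.1 (documentation-range hop addresses).
    print(public_hops(["192.168.0.1", "203.0.113.1", "198.51.100.9"]))
```

Any off-link private responder is a reason to check the router's egress rules for traffic addressed to RFC 1918 space outside the local subnet.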