RE: Strange response from PIX

From: Vinny Lape (
Date: 07/04/05

  • Next message: "Apache Requests"
    To: <>
    Date: Mon, 4 Jul 2005 17:45:42 -0400

    Read the response I sent you last week. The traffic you see is the CMTS
    talking to your cable modem. That is why it is showing as 10.X on the
    outside interface.

    -----Original Message-----
    From: dissolved []
    Sent: Thursday, June 30, 2005 5:36 PM
    To: 'Vinny Lape'
    Subject: RE: Strange response from PIX

    Hi ,
    Yes, my internal IP scheme is 192.168.x.x/24
    This response was coming from the external interface of the PIX. I have no
    dual nic'd servers, one of the servers has a trunk card in it, but all of
    it's IPs are in the network.

    I'm viewing the running config of the pix right now, and no where do I see a
    10. address....


    -----Original Message-----
    From: Vinny Lape []
    Sent: Thursday, June 30, 2005 4:42 PM
    To: 'dissolved'
    Subject: RE: Strange response from PIX

    What is your internal IP scheme 192.168.x.X?
    Do you have anyone tinkering with IP addys inhouse?
    What eth is this 10.X coming from? If from inside do you have any servers
    with dual nic's?

    Anyhow with a bit more info I may be able to help

    -----Original Message-----
    From: dissolved []
    Sent: Wednesday, June 29, 2005 8:48 PM
    Subject: Strange response from PIX

    Hi all,

    >From the DMZ (1.0), I ran an nmap scan (-sA switch) towards the subnet my
    PIX protects ( /24). I ran a sniffer while doing this, and
    noticed the PIX responded with an ip of I dont have a class
    A scheme. Why is this address showing up from the PIX?

    05:10:05.232940 IP (tos 0x0, ttl 254, id 39360, offset 0, flags [none],
    proto: ICMP (1), length: 56) > ICMP host unreachable - admin prohibited filter, length 36


  • Next message: "Apache Requests"