RE: Strange response from PIX

From: Vinny Lape (vinny_at_cardiactelecom.com)
Date: 07/04/05

  • Next message: frank.temi_at_gmail.com: "Apache Requests" 
    To: <security-basics@securityfocus.com>
Date: Mon, 4 Jul 2005 17:45:42 -0400

    Read the response I sent you last week. The traffic you see is the CMTS
    talking to your cable modem. That is why it is showing as 10.X on the
    outside interface.

    -----Original Message-----
    From: dissolved [mailto:dissolved@comcast.net]
    Sent: Thursday, June 30, 2005 5:36 PM
    To: 'Vinny Lape'
    Cc: security-basics@securityfocus.com
    Subject: RE: Strange response from PIX

    Hi ,
    Yes, my internal IP scheme is 192.168.x.x/24
    This response was coming from the external interface of the PIX. I have no
    dual nic'd servers, one of the servers has a trunk card in it, but all of
    it's IPs are in the 192.168.1.0/24 network.

    I'm viewing the running config of the pix right now, and no where do I see a
    10. address....

    Thanks

    -----Original Message-----
    From: Vinny Lape [mailto:vinny@cardiactelecom.com]
    Sent: Thursday, June 30, 2005 4:42 PM
    To: 'dissolved'
    Subject: RE: Strange response from PIX

    What is your internal IP scheme 192.168.x.X?
    Do you have anyone tinkering with IP addys inhouse?
    What eth is this 10.X coming from? If from inside do you have any servers
    with dual nic's?

    Anyhow with a bit more info I may be able to help

    -----Original Message-----
    From: dissolved [mailto:dissolved@comcast.net]
    Sent: Wednesday, June 29, 2005 8:48 PM
    To: security-basics@securityfocus.com
    Subject: Strange response from PIX

    Hi all,

    >From the DMZ (1.0), I ran an nmap scan (-sA switch) towards the subnet my
    PIX protects (192.168.2.0 /24). I ran a sniffer while doing this, and
    noticed the PIX responded with an ip of 10.89.112.1 I dont have a class
    A scheme. Why is this 10.88.112.1 address showing up from the PIX?

    05:10:05.232940 IP (tos 0x0, ttl 254, id 39360, offset 0, flags [none],
    proto: ICMP (1), length: 56) 10.89.112.1 > 192.168.1.5: ICMP host
    192.168.2.1 unreachable - admin prohibited filter, length 36

    thanks

  • Next message: frank.temi_at_gmail.com: "Apache Requests"

    Relevant Pages

    • Re: How Can This Be - HSRP & PING
      ... capture command to see if the PIX receives the ICMP packest and replies ... This differs each time I send the Ping. ... If I ping from the PIX to the 877 I get 100% response. ...
      (comp.dcom.sys.cisco)
    • Re: Epiphone / Gibson revisited and active/passive notions
      ... If you really expect a response, next time you need to add some more ... and a few more pix;-) ... I've owned at least 3 fadeds, one with the ebony moon board. ...
      (alt.guitar)
    • RE: Strange response from PIX
      ... my internal IP scheme is 192.168.x.x/24 ... This response was coming from the external interface of the PIX. ... dual nic'd servers, one of the servers has a trunk card in it, but all of ...
      (Security-Basics)
    • Re: [fw-wiz] PIX responding with SYN+ACK to SYN+ACK probe sent on open port
      ... snip, snip, snip ... My quick test to get you some feedback targeted the pix, ... There was nothing to block a SYN+ACK response between the test machine ... you were not sending the packet to an UDP port but to the ...
      (Firewall-Wizards)
    • Re: Multiple copies of the Language Bar
      ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Hi, thanks for the response. ... Both the Windows 2003 Standard servers and the SBS2003 are all at ...
      (microsoft.public.windows.server.sbs)