RE: Strange response from PIX

From: Vinny Lape (vinny_at_cardiactelecom.com)
Date: 07/04/05

  • Next message: frank.temi_at_gmail.com: "Apache Requests"
    To: <security-basics@securityfocus.com>
    Date: Mon, 4 Jul 2005 17:45:42 -0400
    
    

    Read the response I sent you last week. The traffic you see is the CMTS
    talking to your cable modem. That is why it is showing as 10.X on the
    outside interface.

    -----Original Message-----
    From: dissolved [mailto:dissolved@comcast.net]
    Sent: Thursday, June 30, 2005 5:36 PM
    To: 'Vinny Lape'
    Cc: security-basics@securityfocus.com
    Subject: RE: Strange response from PIX

    Hi ,
    Yes, my internal IP scheme is 192.168.x.x/24
    This response was coming from the external interface of the PIX. I have no
    dual nic'd servers, one of the servers has a trunk card in it, but all of
    it's IPs are in the 192.168.1.0/24 network.

    I'm viewing the running config of the pix right now, and no where do I see a
    10. address....

    Thanks

    -----Original Message-----
    From: Vinny Lape [mailto:vinny@cardiactelecom.com]
    Sent: Thursday, June 30, 2005 4:42 PM
    To: 'dissolved'
    Subject: RE: Strange response from PIX

    What is your internal IP scheme 192.168.x.X?
    Do you have anyone tinkering with IP addys inhouse?
    What eth is this 10.X coming from? If from inside do you have any servers
    with dual nic's?

    Anyhow with a bit more info I may be able to help

    -----Original Message-----
    From: dissolved [mailto:dissolved@comcast.net]
    Sent: Wednesday, June 29, 2005 8:48 PM
    To: security-basics@securityfocus.com
    Subject: Strange response from PIX

    Hi all,

    >From the DMZ (1.0), I ran an nmap scan (-sA switch) towards the subnet my
    PIX protects (192.168.2.0 /24). I ran a sniffer while doing this, and
    noticed the PIX responded with an ip of 10.89.112.1 I dont have a class
    A scheme. Why is this 10.88.112.1 address showing up from the PIX?

    05:10:05.232940 IP (tos 0x0, ttl 254, id 39360, offset 0, flags [none],
    proto: ICMP (1), length: 56) 10.89.112.1 > 192.168.1.5: ICMP host
    192.168.2.1 unreachable - admin prohibited filter, length 36

    thanks


  • Next message: frank.temi_at_gmail.com: "Apache Requests"