Re: noob: who-has tell messages
From: Allen Kistler (ackistler_at_oohay.moc)
Date: 06/25/04
- Next message: Jim: "Iptables blocking script"
- Previous message: John Thompson: "Re: Linux/Mozilla equivalent of Ad-Aware? To remove evil cookies."
- In reply to: jim beam: "Re: noob: who-has tell messages"
- Next in thread: jim beam: "Re: noob: who-has tell messages"
- Reply: jim beam: "Re: noob: who-has tell messages"
Date: Fri, 25 Jun 2004 19:38:57 GMT
jim beam wrote:
> Allen Kistler wrote:
>
>> jim beam wrote:
>>
>>> [snip]
>>>
>>> when i do tcpdump, these show as:
>>> 21:33:35.121984 arp who-has 10.153.38.59 tell 10.153.32.1
>>> 21:33:35.136925 arp who-has 10.153.37.177 tell 10.153.32.1
>>>
>>> this is just a personal network and doesn't have addresses in this
>>> range on it.
>>>
>>> what's going on?
>>
>> Apparently your "personal network" is connected directly to someone
>> else's 10.x network with a router at 10.153.32.1. Is there any chance
>> you're a cable modem subscriber and forgot to mention it?
>>
>
> yes, cable - sorry, wasn't aware this was an issue.
>
> can you help me understand? i thought addresses in this range were
> non-routable. and this is a very small extract of the traffic - it's
> not just from this "10.153.32.1" address but many, and it seems to be
> systematically scanning for anything in the 10.x.x.x range - at the rate
> of ~100 packets per minute.
I'll try to stay kind of light on the gritty details.

10.x addresses are not routable over public networks, but your cable
carrier is, itself, a private network. The way cable works is that your
modem has an address and your PC (connected to your modem) has an
address. Your modem and most of the cable carrier's infrastructure will
probably have 10.x addresses. Your PC (or private gateway, hub,
whatever) has a publicly routable address, but the cable company's
infrastructure knows how to route to you over their 10.x network, too.

If you're intensely curious about the details, the terms/acronyms to
research are uBR (universal broadband router), CMTS (cable modem
termination service), and DOCSIS (data over cable service interface
specification).

The bottom line is that you can probably block (or ignore) the traffic
coming from the cable company's router. If it's meant for your modem,
it already made it. If it's meant for your neighbor's modem, you don't
care about it (unless you want to see what sites he's surfing, etc.).

There are probably other 10.x addresses you _don't_ want to block. For
example, your cable company may have set up their private DNS servers or
a web proxy or DHCP server on 10.x addresses. If you block traffic
to/from those addresses, you've effectively cut yourself off from the
Internet.
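
Added example (not part of the original message or thread): a small Python summarizer for tcpdump "who-has ... tell ..." lines like the ones quoted above, grouping requests by the asking address so the carrier's routers stand out from other 10.x hosts before any blocking decision. The sample capture, the function name summarize_arp and the report fields are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed capture lines in the tcpdump format quoted in the thread.
SAMPLE = """\
21:33:35.121984 arp who-has 10.153.38.59 tell 10.153.32.1
21:33:35.136925 arp who-has 10.153.37.177 tell 10.153.32.1
21:33:36.501200 arp who-has 10.153.40.12 tell 10.153.32.1
21:33:50.000100 arp who-has 10.87.4.9 tell 10.87.0.1
21:34:05.121984 arp who-has 10.153.38.59 tell 10.153.32.1
21:34:06.000000 IP 192.0.2.10.53 > 192.0.2.20.40000: UDP, length 64
"""

NET10 = ipaddress.ip_network("10.0.0.0/8")
# Timestamp first, then "who-has <target> tell <asker>" anywhere on the line.
ARP_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) .*?who-has (\d+(?:\.\d+){3}) tell (\d+(?:\.\d+){3})")

def summarize_arp(text):
    """Group ARP requests by the asking ('tell') address."""
    stats = defaultdict(lambda: {"count": 0, "targets": set(), "times": []})
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if not m:
            continue  # not an ARP who-has line
        try:
            target = ipaddress.ip_address(m.group(2))
            asker = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        s = stats[str(asker)]
        s["count"] += 1
        s["targets"].add(target)
        s["times"].append(datetime.strptime(m.group(1), "%H:%M:%S.%f"))
    report = {}
    for asker, s in stats.items():
        span = (max(s["times"]) - min(s["times"])).total_seconds()
        report[asker] = {
            "requests": s["count"],
            "distinct_targets": len(s["targets"]),
            "in_10_net": ipaddress.ip_address(asker) in NET10,
            # Rate needs two or more timestamps; assumes no midnight rollover.
            "per_minute": round(s["count"] * 60 / span, 1) if span > 0 else None,
        }
    return report

if __name__ == "__main__":
    for asker, row in summarize_arp(SAMPLE).items():
        print(asker, row)
```
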