Re: IP ranges used in North America, Hawaii, and Alaska?



On Thu, 19 Jan 2006 00:26:47 -0600, spm wrote:

[...]

> That one line, though, made a ping go off: ' ... please reply to this
> email. By replying and leaving the subject line intact, your response
> will come directly to me.'
>
> I have never had a Tech Support response that said to 'come directly to
> me.'
>
> Am I comped beyond repair or is it possible that, in order to avoid ARP
> cache poisoning, maybe some legitimate vendors are hiding their servers?
> Normally,
> I would keep this quiet ... but I feel all earthy and damp ... like I
> might be a mushroom if I turn around too quick ...
>
> Are you guys absolutely certain that _all_ IANA reserved traffic is
> bogus?

If the two addresses are truly IANA reserved then you are right to be
suspicious. That's not to say that these things don't periodically
change, or that the source you are querying might not be properly updated,
or might possibly just be wrong. You are also right to be cautious about
replying to the e-mail. The problem is, (and any possible clue) if the
addresses are unassigned, then how does the traffic know where to go, know
how to be routed?

"whois" inquiries are generally sent to the correct, authoritative whois
server without the need to specify the correct server in the query.
However, the option exists to specify a particular server, even if that is
not the right server for the address. You might want to look carefully at
where your information is actually sourced. Each of the regional centers
also has its own website and search capabilities. If the addresses do
belong to the company you should be able to trace the registrations.

You should not be able to resolve DNS or route traffic to an unassigned
(reserved) address. The fact that your software is apparently exchanging
such traffic indicates that a route does somehow exist, legitimate or not.
You should look at your own routing tables. Careful "traceroute"s with
-q1 and -f and -m options correctly chosen, and maybe the I, t and/or v
options could show you how and where this unroutable traffic is
going/coming to/from. If not then maybe a poisoned DNS cache is being
propagated. You could also capture some packets to see if they show
anything interesting (what type of service, content, etc.)

If, on a long shot, you can find some data on where the traffic is going
that it should not be going, then perhaps you can get some assistance from
another responsible third party.

> Thanks for any clues ... don't know what to believe anymore ...

[...]

Hope it helps.
.



Relevant Pages

  • Re: Harassing the Writer
    ... > Replying here, as the original post hasn't appeared on my server. ... That's 'cause I cross-posted my response, ...
    (comp.security.firewalls)
  • Re: Harassing the Writer
    ... > Replying here, as the original post hasn't appeared on my server. ... That's 'cause I cross-posted my response, ...
    (alt.computer.security)
  • Newbie Problems!
    ... you are replying to in your response! ... I installed apache using wajig. ... I want a domain to point to the server. ...
    (Debian-User)
  • [REVS] Introduction to HTTP Response Splitting
    ... single HTTP request that forces the web server to form an output stream, ... one response. ... HTTP response splitting is a fairly new web application vulnerability. ... Web cache poisoning: In this form a rather larger defacement takes place ...
    (Securiteam)
  • Re: Help - administrator locked out!
    ... Second - thanks for your extremely helpful response. ... with 1 Novell server. ... I don't pretend that I'm some sort of super administrator or anything. ... I agree it's my practices that have got me into trouble in the first ...
    (microsoft.public.windows.server.general)