Re: Probed from 10.201.232..XXX????
From:Date: 10/28/02
- Next message: Lars M. Hansen: "Re: Firewall with user level access control"
- Previous message: : "Re: What do you make of this ZoneAlarm log>>>"
- In reply to: : "Re: Probed from 10.201.232..XXX????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Oct 2002 12:28:46 GMT
On Mon, 28 Oct 2002 07:30:26 +0300, Tracker spoketh
>
>
>Anthony wrote:
>
>> I have noticed that recently I have been getting probed on port 137 from IP
>> 10.201.232.XXX (XXX=181or185or187or197or101).
>>
>> I was under the assumption that 10.0.0.0 to 10.255.255.255 was reserved for
>> private internets (RFC 1918). I am not on a network of any kind, just a
>> regular dial-up account. Could someone shed some light on this for me?
>>
>> Regards,
>> Anthony
>
>Yes 10.xx is for the private sector but it doesn't mean a private sector host
>won;t attack your computer.
>
>Tracker
Private sector? As opposed to the public sector (government?).
10.0.0.0/255.0.0.0 is an address space reserved for non-public use (ie a
LAN behind some sort of NAT device).
Although a "private sector" host may "attack" a computer, it's private
IP address should never show up, as it's translated by the NAT device.
This is another example of a misconfigured device, and it's probably
either one of two viruses (Opaserv or bugbear), or it could be one of
those "net send" spam messages.
The firewall is blocking it, so there's no danger of anything.
And you still don't have a clue, Debbie.
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'lars' in e-mail address)
- Next message: Lars M. Hansen: "Re: Firewall with user level access control"
- Previous message: : "Re: What do you make of this ZoneAlarm log>>>"
- In reply to: : "Re: Probed from 10.201.232..XXX????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
