Re: Do I Have A Firewalled LAN Run By ISP In Between?



On Sun, 02 Mar 2008, in the Usenet newsgroup comp.security.firewalls, in article
<Xns9A55665F5D08EUVAA@xxxxxxxxxxxxxx>, Patient Guy wrote:

1. I have a (wireless) router set up in "gateway mode." Hosts on the
LAN are dynamically assigned 192.168.1.x addresses, and the router
itself is 192.168.1.1 (note the subnet mask is 255.255.255.240,
giving up to--- what?---16 hosts).

Yup - see RFC1878 available through any search engine.

Of course, I am astonished because 10.x.x.x are also designated for
private LAN and not Internet IP addresses, right?

Sort of. See RFC1918, and read the rationale for using those addresses,
specifically section 2.

4. I have access to a host "on the Internet" (169.237.x.x) through a
remote desktop connection (which can be made!) and so can follow all
sorts of TCP activity (ftp, http) from that host while at host
192.168.1.3.

ARIN says that's UC Davis. Hope you have permission to be using it
for non-school activities. Are you sure their firewall isn't blocking?

This remote host is running FileZilla ftp server and I can monitor
attempts to connect and IP addresses. When I attempt to use FireFTP
(an "extension" creating an ftp client within the FireFox http client),
the FileZilla server monitor on the remote host reports that my IP
address is 64.30.y.y, and not 10.202.46.2, which is consistent with my
understanding that 10.x.x.x addresses are private.

Well, you are posting from 64.30.107.165 which belongs to "SureWest
Broadband" out of McClellan - they're a residential provider.

That means that the ISP must be "onion"ing its network: that is,
providing service as a layer or shell of its own private network, and
running a layer within a layer, with a complex network address translation
system. Is that possible??

Web Results 1 - 10 of about 1,660,000 for Windows Connection Sharing.
(0.19 seconds)

When microsoft invented the Internet, they eventually added an
application called "Internet Connection Sharing". It's yet another idea
they stole from the world and mis-implemented called "Network Address
Translation", or NAT. For example,

1631 The IP Network Address Translator (NAT). K. Egevang, P. Francis.
May 1994. (Format: TXT=22714 bytes) (Obsoleted by RFC3022) (Status:
INFORMATIONAL)

That RFC documented a concept that had been developed before 1992.
"Onion Routing" is a piece of techno-babble that describes how to use
NAT to attempt to hide your IP address from the places you are surfing
to.

At any rate, I am not concerned about how they configure their networks.

Good, because all you can do is pay them for a commercial service rather
than your residential service.

I am ONLY concerned that they are or might be firewalling inbound port
80 service, or for that matter, any service.

Let's look at the windoze "Internet Connection Sharing" concept. You
may have ten or a hundred systems hiding behind a real (non-RFC3330)
address like 64.30.107.165. Someone tries to connect to port 80 on
64.30.107.165 - which of the hidden systems should those packets be
forwarded to? Now it's not impossible that they may be blocking
access to servers run on a residential network, because they want you
to pay for a commercial connection. You'd have to read the agreement
you have with your provider, or at least ask them.

QUESTION: What is going on here? I have additional information below
which may be helpful.

You need to understand more about how the Internet works.

4. When I attempt to connect to the FileZilla server on the remote
host through the FireFTP client, I can login, but I cannot start a
file transfer. I always get a

425 Can't get data connection

error.

0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
(Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228,
RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)

1579 Firewall-Friendly FTP. S. Bellovin. February 1994. (Format:
TXT=8806 bytes) (Status: INFORMATIONAL)

I don't bother using toy applications for network services, but see if
your application knows about the 'Passive' mode. However, this problem
is probably quite different from problems you may be having with trying
to run a web _server_ from a NATed connection.

(a) the router has its own logging feature which I have enabled, but
it only shows "outgoing" traffic to various unrecognizable IP addresses
as destinations and all the hosts 192.168.x.x. on the LAN as sources
and the ports are usually "www" (assuming port 80), "ftp" (assuming
port 21) and strangely, port 500 (is this a known security exploit?)

One of the services using port 500 is VPN Key Exchange.

(b) I am looking for monitoring software to use on the 192.168.1.3
host running IIS web server (on a Vista Premium windows environment),
which I also want to use for ftp for large file transfers. I will
probably install Wireshark, which is probably overkill for the
monitoring I need.

Wireshark is a packet sniffer - probably useless if you don't know
what those packets are for, or understand the protocols involved.

QUESTION: are there other ways to monitor my attempts to request
http service from the remote host...

1945 Hypertext Transfer Protocol -- HTTP/1.0. T. Berners-Lee, R.
Fielding, H. Frystyk. May 1996. (Format: TXT=137582 bytes) (Status:
INFORMATIONAL)

2616 Hypertext Transfer Protocol -- HTTP/1.1. R. Fielding, J. Gettys,
J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee. June
1999. (Format: TXT=422317, PS=5529857, PDF=550558 bytes) (Obsoletes
RFC2068) (Updated by RFC2817) (Status: DRAFT STANDARD)

The "commands" over the wire are ASCII text, and while not exactly
simple English, are relatively easy to read.

to see if it is getting to the target host, or at least to the router?

A packet sniffer will tell a lot - but you've got to be able to
understand what is in the packets, why it is there, and how the dozens
of protocols that may be in those packets differ.

Old guy
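The FTP data-connection problem Old guy points at (RFC 959 active mode vs. RFC 1579 passive mode through a NAT) as an added example; this is not code from the thread. It encodes and decodes the h1,h2,h3,h4,p1,p2 tuples that PORT and the 227 reply carry, and checks whether the advertised address is RFC 1918 private, which is the condition under which an Internet-side server cannot call back and the client sees "425 Can't get data connection". The server address 198.51.100.7 is a constructed placeholder.

```python
import ipaddress
import re

# RFC 959 carries an IPv4 address and a TCP port as h1,h2,h3,h4,p1,p2 where port = p1*256 + p2.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# RFC 1918 private ranges: a server on the public Internet has no route back to these.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if ip lies in one of the RFC 1918 private blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _RFC1918)


def encode_hostport(ip: str, port: int) -> str:
    """Build the h1,h2,h3,h4,p1,p2 argument a client sends in PORT (or a server in its 227 reply)."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return ",".join(str(int(o)) for o in ip.split(".")) + f",{port // 256},{port % 256}"


def decode_hostport(text: str) -> tuple:
    """Extract (ip, port) from a PORT argument or a '227 Entering Passive Mode (...)' line."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range")
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]


def data_connection_plan(client_lan_ip: str, client_port: int, pasv_reply: str) -> dict:
    """Compare who must open the data connection in the two modes and whether NAT lets it through.

    Active: the server connects back to the address the client put in PORT.  Behind NAT the client
    only knows its LAN address, so a public server gets an unroutable target and answers 425.
    Passive: the client connects out to the address in the 227 reply, which NAT handles like any
    other outbound connection, unless the server itself advertised a private address.
    """
    port_arg = encode_hostport(client_lan_ip, client_port)
    adv_ip, adv_port = decode_hostport(port_arg)
    srv_ip, srv_port = decode_hostport(pasv_reply)
    return {
        "active": {"initiator": "server", "target": (adv_ip, adv_port),
                   "works_through_nat": not is_rfc1918(adv_ip)},
        "passive": {"initiator": "client", "target": (srv_ip, srv_port),
                    "works_through_nat": not is_rfc1918(srv_ip)},
    }
```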