Re: Why does an ip resolving to Genuity appear in my /var/log/wtmp?

From: Barry Margolin (barmar@genuity.net)
Date: 01/23/03


From: Barry Margolin <barmar@genuity.net>
Date: Thu, 23 Jan 2003 02:07:11 GMT

In article <oIGX9.77150$ej1.30681@news02.bloor.is.net.cable.rogers.com>,
mr.e <anjin@rogers.com> wrote:
>Barry Margolin wrote:
>> In article <G5nX9.130611$pDv.86887@news04.bloor.is.net.cable.rogers.com>,
>> mr.e <anjin@rogers.com> wrote:
>>
>>>sez it all doesn't it?
>>>over to you Barry
>>
>>
>> What IP? Maybe one of your users comes from one of our DSL customers.
>>
>Nope. Home lan. Fresh install of Mandrake 9. The box in question is
>sitting behind a strict ipchains firewall, and the ip 8.27.1.64 showed
>up in /wtmp within minutes of this box being connected. Checking the
>firewall box shows the ip 8.0.0.0 associated with the non-root users
>(all 2 of them) on the system.
>I'm not a happy camper.

Although we own the 8.0.0.0/8 address block, we're not actually using it as
far as I know, except possibly on some internal test networks. It's just a
network we've had assigned to us since the early days of the Internet
(Genuity used to be Bolt, Beranek, & Newman, where much of the original
Arpanet and Internet development was done).

I don't see any way a remote system could have successfully logged into
your system from that address, since there are no routes for any 8.x.x.x
addresses on the Internet. The only explanations I can think of are that
your ISP is using those addresses internally (*bad* ISP), or you're using
them on your home LAN (*bad* you).

What happens if you ping or traceroute to that address? How far does the
traceroute get?

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

