FWIW, how does one get the various Internet widgets to route packets addressed to 192.168.*, especially to a different network? I was under the impression that they were unroutable over the Internet. Is this incorrect, or is someone messing with routing tables somewhere, or what? If this is taking place I need some more education... probably do anyway. The reason I ask is that when I see packets with 192.168.* or other similarly defined addresses, it is invariably as a source address, and I assume that, if it was done intentionally, the sender does not really expect an answer (to an unroutable (?) address). So far as I know there have been no inbound external packets addressed _to_ 192.168.*. If I saw some within my net, I would hunt within my net for the transmitter. An example of this is some leakage from a small SAN we have that uses 10.* addresses internally. Occasionally I would see some of those hit the internal side of the firewall, and after tracing them I found that more-or-less legitimate source for them. Chuck Sterling Magic is REAL, unless declared INTEGER > ---------- > From: HggdH[SMTP:hggdhat_private] > Sent: Thursday, June 27, 2002 4:05 PM > To: Incidents > Subject: Fw: spoofed packets to RFC 1918 addresses > > I wonder ... I just remembered that at least the Linksys DSL/Cable > routers, > by default, sit at 192.168.1.x; the DMZ is, usually, on the same subnet. > > Would someone be looking for Windows hosts there? As Linksys puts it, a > machine in the DMZ is completely exposed to the Internet. No firewall > protection. > > ..hggdh.. > ----- Original Message ----- > From: "Robert E. Lee" <relat_private> > (snip) > My organization saw some connection attempts to an rfc1918 space on our > firewall in the past few days as well. Specifically ip's in the > 192.168.1.0/24 space, and specifically on tcp port 137. The firewall > marked the packets as being spoofed, and dropped them. > (snip) > > > -------------------------------------------------------------------------- > -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 08:58:08 PDT