Andrews, Jonathan wrote Tuesday, December 10, 2002 12:17 PM > 192.168.0.0/16 is a privately addressed netblock. These packets could not > be routed over the Internet. Do you NAT at your edge router and were these > traces obtained from the "internal" interface of your router? Private addresses _should_ not be routed. They can be and are routed with frustrating regularity. I get (and filter of course) private address traffic from: ISP's equipment Forged packets Overloaded remote NAT devices or firewalls Misconfigured NAT Misconfigured complex Web sites Some ISPs filter it out and some don't. > If so, this would have to be something on your internal network broadcasting > this traffic. Probably so, but not necessarily. Depends on whether private addresses were effectively filtered upstream of the network reporting the alert. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 11:14:06 PST