Security Basics mailing list archives
RE: 192.168.x.x oddities
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 15 Jun 2004 17:17:24 -0700
My understanding is that the entire 192.168.x.x range is for internal networks only (RFC 1918)
Private networks really, internal is such a limited word. Case in point, some cablecos and telcos set up their public routing network as private (10.) addresses but with public IPs on the edge routers. This allows someone who uses a provider with this setup to traceroute like this:

[shawn@apollo shawn]$ traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 38 byte packets
 1  my-nat-router (192.168.1.1)  2.809 ms  1.429 ms  1.384 ms
 2  cust-edge-rtr (180.65.198.52)  3.097 ms  1.709 ms  1.530 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  so-1-1-0.edge1.sanjose1.level3.net (209.0.227.29)  10.955 ms  10.781 ms  10.963 ms
 8  so-1-2-0.bbr1.sanjose1.level3.net (209.244.3.137)  11.110 ms  11.202 ms  11.087 ms
 9  ge-5-2.core1.sanjose1.level3.net (64.159.2.165)  11.382 ms ge-4-2.core1.sanjose1.level3.net (64.159.2.133)  11.231 ms  11.066 ms
10  vnsc-bak.sys.gtei.net (4.2.2.2)  11.359 ms  11.343 ms  11.316 ms

I believe there was a NANOG discussion about this and this practice violates an RFC or two, but I can't be too sure.
I get what looks like four computers (in addition to mine), plus some x.0 and x.255 addresses responding to the pings.
If you are using a class C network, i.e. 192.168.1.0-255, .0 is your network address and .255 is your broadcast address. Whichever system can respond the quickest will respond to a broadcast echo request. Depending on your network setup and systems, you sometimes cannot ping your network address. But I have seen in some networks that the default router will respond to network address echo requests.
Am I therefore correct in my assumption that the ISP is routing my pings onto their internal network?
Possibly. It could also be other users in your area connected via the same edge router.
Is this a normal response? It seems like there ought to be security concerns here, but I can't nail them down, except the assumption that traffic destined for 192.168.x.x addresses may not be filtered as well (or at all), since it may be assumed it originated from within the internal network.
If they are your ISP's systems, then there are some larger security concerns. If they are local users in your area, then there are /personal/ security issues. It all depends on how the provider sets up their network and the ACLs to the edge/cust routers. Some providers have a private/public pool that they throw users into, while others use a completely public IP/routing scheme. Everyone should ACL private IP address ranges at their edge routers and loopback IPs, in addition to private protocols; there is no reason that stuff should be flying around the network. Also, your NAT box shouldn't have even shown those to you; usually they are very good about blocking private IP address schemes, especially if they fall within the range you are using against the LAN interface for NAT translation.

Hope you can find any of the above useful.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
(800) 325-1199 x338
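The checks discussed in this message, as an added example that is not part of the original post: it parses traceroute output, labels each hop as RFC 1918, loopback or public (the ranges the message says to filter at the edge), and reports whether an address is the network or broadcast address of a subnet. The function names and the sample trace (built from documentation addresses) are constructed for illustration.

```python
import ipaddress
import re

# Ranges the message says to filter at the edge: RFC 1918 private space and loopback.
FILTERED = {
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "loopback": ("127.0.0.0/8",),
}
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # address printed in parentheses

# Constructed sample trace (documentation addresses), shaped like the one in the message.
SAMPLE = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 38 byte packets
 1  my-nat-router (192.168.1.1)  2.809 ms  1.429 ms  1.384 ms
 2  cust-edge-rtr (203.0.113.52)  3.097 ms  1.709 ms  1.530 ms
 3  10.12.0.1 (10.12.0.1)  4.100 ms  4.000 ms  4.200 ms
 4  * * *
 5  target (198.51.100.7)  11.359 ms  11.343 ms  11.316 ms
"""

def classify(addr):
    """Return 'rfc1918', 'loopback' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    for label, cidrs in FILTERED.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            return label
    return "public"

def classify_hops(text):
    """Map hop number -> [(address, class), ...]; a silent hop ('* * *') maps to []."""
    hops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S.*)$", line)
        if m:  # the 'traceroute to ...' header line does not match and is skipped
            hops[int(m.group(1))] = [(a, classify(a)) for a in ADDR_RE.findall(m.group(2))]
    return hops

def role_in_subnet(addr, cidr):
    """Return 'network', 'broadcast', 'host' or 'outside' for addr relative to cidr."""
    net, ip = ipaddress.ip_network(cidr), ipaddress.ip_address(addr)
    if ip not in net:
        return "outside"
    if ip == net.network_address:
        return "network"
    return "broadcast" if ip == net.broadcast_address else "host"

if __name__ == "__main__":
    for hop, addrs in classify_hops(SAMPLE).items():
        print(hop, addrs or "no reply")
```

Any hop labelled rfc1918 beyond the first (the local NAT router) is a private address visible past the LAN boundary, which is the situation the thread is asking about.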