nanog mailing list archives
Some very strange network behaviors
From: "Christopher Bird" <seabird () msn com>
Date: Wed, 10 Sep 2003 23:39:25 -0500
I am not sure if this post belongs here, so I apologize if it does not. I have been experiencing some weirdness while traveling and wondered if the group has any insight into what seems to be a pretty ugly situation. I am traveling and have my lap top with me. I am staying in a hotel that offers broadband support. There are 2 of us (with 2 lap tops) sharing a room. I acquire an internet connection and sign up for the service, so get an IP address. In my case that IP address is 12.44.189.24. I disconnect my cable and pass it to my roommate. He plugs in and acquires IP address 12.44.189.47. He does the email thing for a while and then passes the cable back to me. Imagine my surprise when the network routes packets destined for his IP address (from his email server no less) to my computer. My firewall (Zone alarm) detects these incoming packets and blocks them since they are unsolicited. In further analysis of the logs, I see that there are a large number of IP addresses that are packet destinations and routed to my computer Zone Alarm detects them and blocks them. According to Zone Alarm I am getting packets for destination IP addresses as follows:12.44.189.244. 12.44.189.178 12.44.189.181 12.189.44.244 and some others too. They are all port 80 requests, identified by Zone Alarm as TCP (flags:S). This seems strange to me since they are arriving at an IP address that is different from mine. How can this happen? Is there the potential for a problem (I am thinking particularly about future guests who may not have the degree of protection (limited though it is) that Zone Alarm is affording me.)? This then got me thinking about corporate security. If I have taken my laptop and put it on an external network (e.g. the hotel network) what protections can I realistically expect, and what should my corporate IT department do to make sure my compute hasn't contracted something nasty while it was away from home. I could see that the kind of network behavior that I observed could infect a less well protected computer and thus cause me to bring an infection back to my office where it can attack from behind the corporate shields and firewalls. Any comments would be very welcome. Regards Chris Bird
Current thread:
- Cisco IOS Failure due to Virus Richard J . Sears (Sep 10)
- Re: Cisco IOS Failure due to Virus Robert Blayzor (Sep 10)
- Re: Cisco IOS Failure due to Virus Richard J . Sears (Sep 10)
- Some very strange network behaviors Christopher Bird (Sep 10)
- Re: Some very strange network behaviors Stephen J. Wilcox (Sep 11)
- Re: Some very strange network behaviors Mike Lewinski (Sep 11)
- Re: Some very strange network behaviors Crist Clark (Sep 11)
- Re: Cisco IOS Failure due to Virus Robert Blayzor (Sep 10)
- Re: Cisco IOS Failure due to Virus Stephen J. Wilcox (Sep 11)
- Re: Cisco IOS Failure due to Virus Petri Helenius (Sep 12)
- Re: Cisco IOS Failure due to Virus Stephen J. Wilcox (Sep 12)
- Re: Cisco IOS Failure due to Virus Petri Helenius (Sep 12)
- <Possible follow-ups>
- RE: Cisco IOS Failure due to Virus Niaz, Wajahat (Sep 10)
- RE: Cisco IOS Failure due to Virus Mark Segal (Sep 15)
- RE: Cisco IOS Failure due to Virus Mark Segal (Sep 15)