Security Basics mailing list archives
Re: 192.168.x.x oddities
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Thu, 17 Jun 2004 13:33:47 -0700
* Nathaniel Hall (halln () otc edu) wrote:
A common misconception is that the 10.0.0.0, 172.16.0.0 and 192.168.0.0 networks are non-routable. This is NOT true. Most routers are set up to not route the addresses, but they can be routed.
To be very precise, RFC 1918 addresses are not *publicly* routable. They are privately routable e.g. routing such packets between Engineering and Testing within a company, where all addresses are RFC 1918 addresses.
Your problem could be this or it could be that a system is mis-configured and is just trying to figure out where it can go.

~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
417-799-0552

-----Original Message-----
From: Jimmy Brokaw [mailto:hedgie () hedgie com]
Sent: Monday, June 14, 2004 4:49 PM
To: security-basics () securityfocus com
Subject: 192.168.x.x oddities

This seems like a stupid question from a non-guru like me, but I've asked a couple of the "gurus" I know and gotten nothing but strange looks.

I run a small network at home, using a wireless router to connect to a cable modem. My internal IPs all fall in the 192.168.0.x range, which is the only address-space the router is configured to support. I've got authentication and logging, so before anyone says "I bet it's a neighbor using your connection," I've verified nobody else is logging in.

My understanding is that the entire 192.168.x.x range is for internal networks only (RFC 1918), and unrouteable on the Internet. When I run the following command, however, I can see several computers:

    [computer]$ nmap 192.168.*.* -sP

I get what looks like four computers (in addition to mine), plus some x.0 and x.255 addresses responding to the pings. I picked one at random, and it appears to belong to my ISP. Doing a traceroute, I found the packet reached its destination at a public (routeable) address, indicating to me the machine has two addresses on the same interface.

RFC 1918 states:

    One might be tempted to have both public and private addresses on the same physical medium. While this is possible, there are pitfalls to such a design (note that the pitfalls have nothing to do with the use of private addresses, but are due to the presence of multiple IP subnets on a common Data Link subnetwork). We advise caution when proceeding in this area.
Am I therefore correct in my assumption that the ISP is routing my pings onto their internal network? Is this a normal response? It seems like there ought to be security concerns here, but I can't nail them down, except the assumption that traffic destined for 192.168.x.x addresses may not be filtered as well (or at all), since it may be assumed it originated from within the internal network.

--
   \\\\\        hedgie () hedgie com
  \\\\\\\__o    Bringing hedgehogs to the common folk since 1994.
__\\\\\\\'/________________________________________________________
Visit http://www.hedgie.com for information on my latest book, "Waiting for War," published by Aventine Press!

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization.
Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys.
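An added example, not written by any poster in this thread: a Python sketch of the two checks the messages above suggest, classifying traceroute hops against the RFC 1918 blocks and listing the private prefixes outside the local LAN that an edge filter could drop. The LAN prefix 192.168.0.0/24, the target address and the traceroute output are constructed sample values.

```python
import ipaddress
import re

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def egress_deny_list(lan):
    """RFC 1918 prefixes that are not the local LAN: candidates to drop at the WAN edge."""
    lan = ipaddress.ip_network(lan)
    deny = []
    for block in RFC1918:
        if lan.subnet_of(block):
            # Carve the LAN out of its parent block and keep the remainder.
            deny.extend(sorted(block.address_exclude(lan)))
        else:
            deny.append(block)
    return deny

def analyze_trace(target, lan, trace_text):
    """Classify responding hops from numeric (traceroute -n style) output."""
    lan = ipaddress.ip_network(lan)
    dst = ipaddress.ip_address(target)
    hops = [ipaddress.ip_address(m.group(1)) for m in
            re.finditer(r"^\s*\d+\s+(\d+\.\d+\.\d+\.\d+)", trace_text, re.M)]
    off_lan = [h for h in hops if h not in lan]
    return {
        "off_lan_hops": [str(h) for h in off_lan],
        "public_hops": [str(h) for h in off_lan if not is_rfc1918(h)],
        # Private, non-local destination answered from beyond the LAN:
        # the upstream network routed the packet instead of dropping it.
        "left_lan": is_rfc1918(dst) and dst not in lan and bool(off_lan),
    }

# Constructed sample output; 198.51.100.7 is a documentation address.
SAMPLE_TRACE = """\
traceroute to 192.168.100.1 (192.168.100.1), 30 hops max, 60 byte packets
 1  192.168.0.1  1.102 ms  0.984 ms  1.011 ms
 2  10.20.0.1  8.915 ms  9.120 ms  8.870 ms
 3  * * *
 4  198.51.100.7  10.442 ms  10.390 ms  10.501 ms
"""

if __name__ == "__main__":
    print(analyze_trace("192.168.100.1", "192.168.0.0/24", SAMPLE_TRACE))
    print([str(n) for n in egress_deny_list("192.168.0.0/24")])
```

The explicit block list is used instead of `ipaddress`'s `is_private` attribute because `is_private` also covers non-RFC 1918 ranges such as the documentation networks.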
Current thread:
- 192.168.x.x oddities Jimmy Brokaw (Jun 15)
- Re: 192.168.x.x oddities JGrimshaw (Jun 16)
- RE: 192.168.x.x oddities Nathaniel Hall (Jun 16)
- Re: 192.168.x.x oddities Ranjeet Shetye (Jun 18)
- Re: 192.168.x.x oddities steve (Jun 21)
- RE: 192.168.x.x oddities Burton M. Strauss III (Jun 21)
- <Possible follow-ups>
- RE: 192.168.x.x oddities Shawn Jackson (Jun 16)
- RE: 192.168.x.x oddities Jimmy Brokaw (Jun 21)
- Re: 192.168.x.x oddities steve (Jun 23)
- RE: 192.168.x.x oddities David Gillett (Jun 24)
- RE: 192.168.x.x oddities Jimmy Brokaw (Jun 21)
- RE: 192.168.x.x oddities Mike (Jun 17)
- RE: 192.168.x.x oddities Shawn Jackson (Jun 17)
- RE: 192.168.x.x oddities Keith T. Morgan (Jun 24)