Re: Weird IP

[Robin Wood <dninja () gmail com>]

2009/1/29 Joseph Hanna <pennilessprophet () gmail com>:
> Hi everyone,
>
> I am working on a case of fraud in my little organisation where we are
> dealing with fraudulent credit cards. The only thing I can see is the
> IP address has been logged as
> 172.16.x.x but isn't that Class B internal? How are they doing this? I
> mean how are packets being routed between our web-server and that IP?
> Any recommendations other than my blanked block all Class A and Class
> B IPs?

What logs did you see the 172 address in, was it the webserver you mention?

What is your internal address range? i.e. did the traffic come from
internal rather than external

Are you on a shared server? If so does the data centre have a 172 as
an internal subnet?

Robin