Security Basics mailing list archives
Re: Weird IP
From: Robin Wood <dninja () gmail com>
Date: Fri, 30 Jan 2009 15:23:23 +0000
2009/1/29 Joseph Hanna <pennilessprophet () gmail com>:
Hi everyone, I am working on a case of fraud in my little organisation where we are dealing with fraudulent credit cards. The only thing I can see is the IP address has been logged as 172.16.x.x but isn't that Class B internal? How are they doing this? I mean how are packets being routed between our web-server and that IP? Any recommendations other than my blanked block all Class A and Class B IPs?
What logs did you see the 172 address in, was it the webserver you mention? What is your internal address range? i.e. did the traffic come from internal rather than external Are you on a shared server? If so does the data centre have a 172 as an internal subnet? Robin
Current thread:
- Weird IP Joseph Hanna (Jan 30)
- Re: Weird IP Robin Wood (Jan 30)
- Re: Weird IP Ansgar Wiechers (Jan 30)