Full Disclosure mailing list archives

Re: My ISP is routing traffic to private addresses...

From: mezgani ali <handrix () gmail com>
Date: Fri, 17 May 2013 19:12:52 +0000

There are many ISP that route IP traffic through networks with private
addresses, my ISP to do the same thing and has 10.0.0.0 class A addresses
routable.
May be it is a miss of IP addresses or may be a NAT that was published due
to some network need.

regards,


On Fri, May 17, 2013 at 8:08 PM, kyle kemmerer <krkemmerer () gmail com> wrote:

So today when trying to access a device on my network (172.30.x.x range) I
was taken to the web interface of a completely different device.  This
baffled me at first, but after a bit of poking around, I determined that my
ISP was actually routing traffic to these addresses.  See the trace below


Tracing route to 172.30.4.18 over a maximum of 30 hops

  1    11 ms    18 ms    19 ms  XXXXXXXXX
  2    30 ms   178 ms   212 ms  vl4.aggr1.phdl.pa.rcn.net [208.59.252.1]
  3    13 ms    18 ms    13 ms  tge0-1-0-0.core1.phdl.pa.rcn.net[207.172.15.50]

  4    37 ms    39 ms    57 ms  tge0-0-0-2.core1.lnh.md.rcn.net[207.172.19.227]

  5    35 ms    34 ms    32 ms  tge0-1-0-1.core1.chgo.il.rcn.net[207.172.19.235
]
  6    42 ms    38 ms    39 ms  port-chan13.aggr2.chgo.il.rcn.net[207.172.15.20
1]
  7    37 ms    39 ms    39 ms
port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net [
207.229.191.132]
  8    57 ms    61 ms    53 ms  172.30.4.18

Trace complete.


So I break out nmap and do a quick scan, and find that there are thousands
of these devices across this IP range.  Has anybody ever seen anything like
this?  Surely this must be a mistake, right? If anybody else is using RCN
as an ISP, can you access these addresses as well?





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
Ali MEZGANI
*N*etwork *E*ngineering/*S*ecurity
http://www.nativelabs.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: My ISP is routing traffic to private addresses..., (continued)
- - - Re: My ISP is routing traffic to private addresses... sec (May 17)
    - Re: My ISP is routing traffic to private addresses... Gary Baribault (May 17)
    - Re: My ISP is routing traffic to private addresses... Carl "Thomas" Guething (May 17)
    - Re: My ISP is routing traffic to private addresses... Gary Baribault (May 17)
    - Re: My ISP is routing traffic to private addresses... Alexander Georgiev (May 18)
    - Re: My ISP is routing traffic to private addresses... Kirils Solovjovs (May 18)
    - Message not available
    - Re: My ISP is routing traffic to private addresses... Dan Dart (May 18)
    - Re: My ISP is routing traffic to private addresses... Justin Elze (May 18)
    - Re: My ISP is routing traffic to private addresses... Alexander Georgiev (May 20)
    - Re: My ISP is routing traffic to private addresses... Patrick Webster (May 20)
- Re: My ISP is routing traffic to private addresses... mezgani ali (May 17)
- Re: My ISP is routing traffic to private addresses... Julius Kivimäki (May 17)
  - Re: My ISP is routing traffic to private addresses... Gary Baribault (May 17)