Full Disclosure mailing list archives
Re: My ISP is routing traffic to private addresses...
From: Gary Baribault <gary () baribault net>
Date: Fri, 17 May 2013 22:07:22 -0400
If they use the 10.0.0.0/8 there's no harm, if they use a DOD range or another 'public' routable range, there is definitely a risk. Gary B Gary Baribault Courriel: gary () baribault net GPG Key: 0x685430d1 Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1 On 05/17/2013 03:22 PM, Julius Kivimäki wrote:
Many ISPs do this, usually they hijack DoD ranges. It shouldn't cause any issues. 2013/5/17 kyle kemmerer <krkemmerer () gmail com <mailto:krkemmerer () gmail com>> So today when trying to access a device on my network (172.30.x.x range) I was taken to the web interface of a completely different device. This baffled me at first, but after a bit of poking around, I determined that my ISP was actually routing traffic to these addresses. See the trace below Tracing route to 172.30.4.18 over a maximum of 30 hops 1 11 ms 18 ms 19 ms XXXXXXXXX 2 30 ms 178 ms 212 ms vl4.aggr1.phdl.pa.rcn.net <http://vl4.aggr1.phdl.pa.rcn.net> [208.59.252.1] 3 13 ms 18 ms 13 ms tge0-1-0-0.core1.phdl.pa.rcn.net <http://tge0-1-0-0.core1.phdl.pa.rcn.net> [207.172.15.50] 4 37 ms 39 ms 57 ms tge0-0-0-2.core1.lnh.md.rcn.net <http://tge0-0-0-2.core1.lnh.md.rcn.net> [207.172.19.227] 5 35 ms 34 ms 32 ms tge0-1-0-1.core1.chgo.il.rcn.net <http://tge0-1-0-1.core1.chgo.il.rcn.net> [207.172.19.235 ] 6 42 ms 38 ms 39 ms port-chan13.aggr2.chgo.il.rcn.net <http://port-chan13.aggr2.chgo.il.rcn.net> [207.172.15.20 1] 7 37 ms 39 ms 39 ms port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net <http://port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net> [ 207.229.191.132] 8 57 ms 61 ms 53 ms 172.30.4.18 Trace complete. So I break out nmap and do a quick scan, and find that there are thousands of these devices across this IP range. Has anybody ever seen anything like this? Surely this must be a mistake, right? If anybody else is using RCN as an ISP, can you access these addresses as well? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: My ISP is routing traffic to private addresses..., (continued)
- Re: My ISP is routing traffic to private addresses... Carl "Thomas" Guething (May 17)
- Re: My ISP is routing traffic to private addresses... Gary Baribault (May 17)
- Re: My ISP is routing traffic to private addresses... Alexander Georgiev (May 18)
- Re: My ISP is routing traffic to private addresses... Kirils Solovjovs (May 18)
- Message not available
- Re: My ISP is routing traffic to private addresses... Dan Dart (May 18)
- Re: My ISP is routing traffic to private addresses... Justin Elze (May 18)
- Re: My ISP is routing traffic to private addresses... Alexander Georgiev (May 20)
- Re: My ISP is routing traffic to private addresses... Patrick Webster (May 20)
- Re: My ISP is routing traffic to private addresses... Gary Baribault (May 17)