Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: My ISP is routing traffic to private addresses...

From: Gary Baribault <gary () baribault net>
Date: Fri, 17 May 2013 22:07:22 -0400
If they use the 10.0.0.0/8 there's no harm, if they use a DOD range or
another 'public' routable range, there is definitely a risk.

Gary B

Gary Baribault
Courriel: gary () baribault net
GPG Key: 0x685430d1
Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1

On 05/17/2013 03:22 PM, Julius Kivimäki wrote:

Many ISPs do this, usually they hijack DoD ranges. It shouldn't cause
any issues.


2013/5/17 kyle kemmerer <krkemmerer () gmail com
<mailto:krkemmerer () gmail com>>

    So today when trying to access a device on my network (172.30.x.x
    range) I was taken to the web interface of a completely different
    device.  This baffled me at first, but after a bit of poking
    around, I determined that my ISP was actually routing traffic to
    these addresses.  See the trace below


    Tracing route to 172.30.4.18 over a maximum of 30 hops

      1    11 ms    18 ms    19 ms  XXXXXXXXX
      2    30 ms   178 ms   212 ms  vl4.aggr1.phdl.pa.rcn.net
    <http://vl4.aggr1.phdl.pa.rcn.net> [208.59.252.1]
      3    13 ms    18 ms    13 ms  tge0-1-0-0.core1.phdl.pa.rcn.net
    <http://tge0-1-0-0.core1.phdl.pa.rcn.net> [207.172.15.50]

      4    37 ms    39 ms    57 ms  tge0-0-0-2.core1.lnh.md.rcn.net
    <http://tge0-0-0-2.core1.lnh.md.rcn.net> [207.172.19.227]

      5    35 ms    34 ms    32 ms  tge0-1-0-1.core1.chgo.il.rcn.net
    <http://tge0-1-0-1.core1.chgo.il.rcn.net> [207.172.19.235
    ]
      6    42 ms    38 ms    39 ms  port-chan13.aggr2.chgo.il.rcn.net
    <http://port-chan13.aggr2.chgo.il.rcn.net> [207.172.15.20
    1]
      7    37 ms    39 ms    39 ms
     port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net
    <http://port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net> [
    207.229.191.132]
      8    57 ms    61 ms    53 ms  172.30.4.18

    Trace complete.


    So I break out nmap and do a quick scan, and find that there are
    thousands of these devices across this IP range.  Has anybody ever
    seen anything like this?  Surely this must be a mistake, right? If
    anybody else is using RCN as an ISP, can you access these
    addresses as well?





    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: