Security Incidents mailing list archives
Re: Somthing intresting.
From: Piotr Zurawski <szur () IX RENET PL>
Date: Fri, 16 Feb 2001 12:48:55 +0100
On Thu, 15 Feb 2001, Crypt1 Crypt1 wrote:
While using nmap I found something interesting. My boss's network is on DSL, set up with 2 Ethernet cards, and one computer plugged into the hub, the other plugged into the DSL modem. Internet address is 192.168.133.*. Well, I ended up doing a scan on the whole internal subnet. When I did, I found some computers I did not recognize. When I telnetted to them, a few of them came up as Cisco routers and a few came up as DNS servers. (FROM the outside internet) I did a traceroute to them and they resolved to the outside net. So you have 192.168.133.0 resolving to (let's just say) 209.125.12.8. Any reason for this?
If your boss's ISP assigned him an address that is routed only locally (e.g. only in his network), it's highly possible that he has also assigned such addresses to more of his network devices. It lets you see them locally (not via NAT interface) and your connection is translated just on WAN ports of all ISP's connections. It lets him reduce the number of network address translations and identify your activity :> I assume that all of those devices have just an IP alias.
Could the ISP have an internal network that is not properly subnetted? Or using some type of NAT scheme?
-- Piotr Zurawski [fb] szur () ix renet pl