Hello,
There is nothing to say about 192.168.1.* but that this is a private address
space. Refer to the RFC 1597 and RFC 1918 for details concerning reserved
addresses for private net.
Thus, this net is to be considered to be reserved! A public router on the
Internet should be configured not to accept reserved addresses, a firewall
should consider such addresses (on Internat) as illegal spoofed ones etc.
In an internal private nework you can and should configure your routers to
accept routing between reserved nets. And, if you are paranoid, signal every
appearance of registered addresses in your internal network and block such
addresses immediately. To prevent registeded IP addresses to be exposed in
your internal network you can use NAT together with tunneling Internet
access in your internal network using IPsec or PPTP. This is a very
effective tool for detecting misconfigurations and to enable a high security
level internally.
Regards,
Axel Skough
> -----Ursprungligt meddelande-----
> Fr�n: Joshua Chamas [SMTP:[EMAIL PROTECTED]]
> Skickat: den 7 maj 1999 08:20
> Till: [EMAIL PROTECTED]
> �mne: Odd TCP Probe w/ 192.168.1.* IP
>
> Hey,
>
> One of my machines just got probed by a set of IPs
> during the same _TCP_ probe, one of which is an illegal
> 192.168.1.*
>
> My understanding was that 192.168.1.* addresses wouldn't
> be routable, and that having the probe alternate IPs
> also concerns me.
>
> So I wonder what kind of danger there might be here.
> Could this be some kind of "stealth" probe. What good
> would it do a scanner to alternate IP's ? Is the
> 192.168.1.* some sort of primer?
>
> Someone please enlighten me as this challenges my knowledge
> of IP networking.
>
> Thanks,
>
> Joshua
>
> (2) May 6 20:04:20 bastion ipmon[87]: 20:04:20.104592 iprb @0:3 p
> 192.168.1.65,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 44 -S
> (1) May 6 20:04:23 bastion ipmon[87]: 20:04:23.065728 iprb @0:3 p
> 38.149.215.71,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 44 -S
> (1) May 6 20:04:23 bastion ipmon[87]: 20:04:23.171150 iprb @0:3 p
> 38.149.215.71,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 40 -A
> (1) May 6 20:04:23 bastion ipmon[87]: 20:04:23.173108 iprb @0:3 p
> 38.149.215.71,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 114 -AP
> (1) May 6 20:04:23 bastion ipmon[87]: 20:04:23.298487 iprb @0:3 p
> 38.149.215.71,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 40 -A
> (1) May 6 20:04:31 bastion ipmon[87]: 20:04:30.479423 iprb @0:3 p
> 192.168.1.65,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 40 -AF
> (1) May 6 20:04:40 bastion ipmon[87]: 20:04:40.094519 iprb @0:3 p
> 192.168.1.65,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 40 -AF
> (1) May 6 20:04:59 bastion ipmon[87]: 20:04:59.323681 iprb @0:3 p
> 192.168.1.65,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 40 -AF
> (1) May 6 20:05:38 bastion ipmon[87]: 20:05:37.782541 iprb @0:3 p
> 192.168.1.65,1752 -> 209.xxx.xxx.xxx,80 PR tcp len 20 40 -AF
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
