I have been told by a reliable source that they have seen a lot of private address traffic on their shared-bandwidth (ie, cable modem) internet connection. Seems that there are a lot of people out there with mis-configured routers. It may be that you are running into something similar...
Mike Burden Lynk Systems (616)532-4985 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joseph C. Bender Sent: Friday, August 04, 2000 9:16 AM To: Gnatbox mailing list Subject: Spoof? Or am I reading the RFC wrong? --------------------- Attention ----------------------------- Online GNAT Box User Forum is Now Open Click the Register link and sign up today http://www.gnatbox.com/cgi-bin/Ultimate.cgi ------------------------------------------------------------- Send postings to: [EMAIL PROTECTED] Access the list archives at: http://www.gnatbox.com/gb-users/ ------------------------------------------------------------- I got the following alarm last night (Real IP's XXXed out: ALARM NO: 1 DATE: Friday, Aug 4, 2000 TIME: 09:03:46 INTERFACE: EXT (fxp0) ALARM TYPE: Possible spoof IP PACKET: TCP [10.20.10.12/80]-->[63.X.X.X/6660] l=0 f=0x11 [10.20.10.12/80]-->[63.X.X.X/6660] DETAILED DESCRIPTION: Return interface for IP packet is different than arrival. The previous day, I had configured static routes for subnets that will be added soon to our WAN, which are all private addresses, one subnet being 10.20.0.0. Our subnetting is based on RFC1918 for private addressing which lists 10.0.0.0 as a Class A private subnet. Is someone out there misconfigured (*or* spoofing), or have I miscalculated? Signing off, Joseph C. Bender, Systems Analyst, Burns & Wilcox, LTD <[EMAIL PROTECTED]> 248-932-9000 #include <std_disclaimer.h> My opinions are NOT that of Burns&Wilcox Ltd. ---------------------------------------------- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe gb-users your_email_address in the body of the message
