Re: Illegal IP Addresses (II)

David E. Wach (david@clipper.net)
Tue, 22 Jun 1999 11:43:46 -0700 (PDT)


On Mon, 7 Jun 1999, Bruce Stephens wrote:

> are a little incorrect. But there is no way of tracing 'traceroute' these
> addresses. So how does anyone expect to get a response to a command from a
> 192.168.x.x address across the internet?
> Interestingly, even though the UDP message from 192.168.5.192 is stopped by
> the firewall (RULE is DENY) this system attempts to respond with an ICMP/3
> back to 192.168.5.192 (in this case) but is blocked by the fw-out rules
> (and logged)!!
> Neat huh.
>
> To date I have had 2740 hits - admittedly over a period of a few weeks.
>
> Regards,
> Bruce.
>

Sorry to revisit an old thread, but was just troubleshooting some
masq-related problems and noticed that we were getting packets trying to
go to 192.0.0.192. If you do a reverse lookup on that address, you get:

Name: 192.0.0.0-is-used-for-printservices-discovery----illegally.iana.net
Address: 192.0.0.192

The network in question did have a lot of printing (netbios) activity on
it.

Anyway, something to look for leaking from any Win* based network.

-d

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
David E. Wach                        |
Senior Systems Administrator         |
ClipperNet Internet Access Services  |    "Zeros and ones will take
541.431.3360                         |       us there..."
david@clipper.net                    |
http://www.clipper.net               |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu
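One way to look for the leaks discussed in this thread is to scan firewall packet logs for non-routable addresses on the Internet-facing interface. The sketch below is an added example, not part of the original post. It assumes a Linux 2.2 ipchains-style "Packet log:" line layout, an external interface named eth0, and a /24 width for the block containing 192.0.0.192; the thread states none of these, and the sample log lines are constructed.

```python
import ipaddress
import re

# Ranges that should never appear on the Internet-facing interface.
NON_ROUTABLE = {
    "rfc1918-10": ipaddress.ip_network("10.0.0.0/8"),
    "rfc1918-172": ipaddress.ip_network("172.16.0.0/12"),
    "rfc1918-192": ipaddress.ip_network("192.168.0.0/16"),
    # Block holding 192.0.0.192 from the reverse lookup; the /24 width is assumed.
    "iana-192.0.0": ipaddress.ip_network("192.0.0.0/24"),
}

# Assumed layout: chain, verdict, interface, protocol, src:port, dst:port.
# For PROTO=1 (ICMP) the two "port" fields carry the ICMP type and code.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):\d+"
)

# Constructed sample lines; ports and the 203.0.113.x / 198.51.100.x hosts are made up.
SAMPLE_LOG = [
    "Packet log: input DENY eth0 PROTO=17 192.168.5.192:137 203.0.113.10:137 L=78",
    "Packet log: output DENY eth0 PROTO=1 203.0.113.10:3 192.168.5.192:3 L=56",
    "Packet log: output DENY eth0 PROTO=17 203.0.113.10:61005 192.0.0.192:9 L=60",
    "Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:40000 203.0.113.10:25 L=44",
    "Packet log: input ACCEPT eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78",
    "Packet log: input DENY eth0 PROTO=17",  # truncated line, skipped
]

def classify(addr):
    """Return the label of the non-routable range holding addr, or None."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return next((name for name, net in NON_ROUTABLE.items() if ip in net), None)

def find_leaks(lines, external_iface="eth0"):
    """List (chain, field, address, range) for each bad address on external_iface."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["iface"] != external_iface:
            continue  # unparsable line, or traffic on the internal side
        for field in ("src", "dst"):
            try:
                label = classify(m[field])
            except ValueError:
                continue  # malformed address in the log line
            if label:
                findings.append((m["chain"], field, m[field], label))
    return findings

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG):
        print(*finding)
```

An "output" finding points at a leak from the local network, such as the masqueraded traffic to 192.0.0.192; an "input" finding with a private source is spoofed or misrouted traffic arriving from outside.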