On Fri, 8 Mar 2002, Michael D. Schleif wrote:
>
> We are seeing martians on internal networks on a regular basis.
>
> Usually, it is traceable to users logging into AOL over our high speed
> internet connections:
>
> 172.128.0.0 - 172.191.255.255
>
> Today, we saw one from United Airlines:
>
> 205.174.16.0 - 205.174.23.255
>
> [1] How does this happen?

I often wonder how it happens that people who should know better fail to
provide specific error and log messages and explain what they know about
the particulars of the ip addresses, routes, machines and connections
involved. It is hard to trust reports as sanitized as this.

On the surface, the idea that packets should be generated within your LAN
with source addresses outside your network would suggest something is
seriously broken (accidentally or purposefully) with the workstation
generating the packets.

> [2] Why does this happen?

Speculation: if your AOL users are actually dialling into AOL while being
on the network, they may be temporarily acquiring an IP from AOL, and
Windows could possibly screw up and ship packets out the wrong interface.
However, something would have to be pretty weird with the AOL software if
it decided it had an AOL IP even if no dialup had occurred. There could
possibly be overlap when a dialup connection was lost as well.

> [3] Is this exploitable?

Insufficient data.

---------------------------------------------------------------------------
Jeff Newmiller
DCN:<[EMAIL PROTECTED]>
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
---------------------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user