He is probably useing NAT, ie. he has an internet IP address at the ISP, 192.xxx or similar. The ISP useually has less IPs available in their pool than they have users, so they have a box that assigns users the external IP, and routes their requested data to their internal IP.
Yours, Poul Wann --------- IT-College Denmark poulwaj (at) it-college.dk -----Oprindelig meddelelse----- Fra: Administrator [mailto:[EMAIL PROTECTED] Sendt: Saturday, September 27, 2003 8:05 PM Til: [EMAIL PROTECTED] Emne: [Full-Disclosure] IP Resolving problems with DSL user [sls] After a discussion about computer security with a fairly computer-literate friend, I was asked to perform various vulnerability scans on his system remotely. He gave me his IP address at the same time as I ran "netstat" to obtain it and both came out to be the same number but just to be sure a WHOIS was run and the IP was listed as belonging to his ISP. An nmap scan and an "xscan" (windows-based vulnerability scanner) were started against this IP and port 23 was found to be open so I attempted a TELNET and was greeted with a fairly suprising "WARNING" message that included the real DNS name of the computer I was scanning (which happened to be a server belonging to his ISP). All scans were halted immediately and both of us wrote apology letters to the ISP explaining this mistake. My question is this: How could this have happened? Both "winipcfg" in his Windows 98 system as well as his client software told him his IP was this as well as a "netstat /a" from my system. Thank you for comments, Alex Petrosian [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
