The Cox@home network here in southern Cal uses 10. addresses for routers and switches in their network. It caused us some problems with our VPN, since we use 10. addresses for our private network.
Andrew Blevins Arrowhead Help Desk 1-800-669-1889 x. 8569 -----Original Message----- From: Robert Clark [mailto:[EMAIL PROTECTED]] Sent: Monday, October 29, 2001 10:37 AM To: 'Andrew Blevins'; 'scott [gts]'; 'security-basics' Subject: RE: help - can someone explain this to me? The 10.0.*, 127.*, and 192.* are not routable addresses, they are 'reserved'. I don't recall ever seeing ISP's using a 10. address as a public ip. I would wonder if I did. Robert Clark MCSE, MCP+I, MCP, A+ MIS - Texas Cellular > -----Original Message----- > From: Andrew Blevins [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 26, 2001 5:02 PM > To: 'scott [gts]'; security-basics > Subject: RE: help - can someone explain this to me? > > > That these reserved addresses can't be routed I don't think > is entirely true (but I'm not a network spec. either! :-) . I > have seen many ISP's use 10. addresses for their own routers, > and for all intent's and purposes "The Internet" includes > some ISP networks (cable, DSL). It is very possible that > someone is spoofing those 10. addresses, and they are still > being routed through to your box. many times a DoS contains > many spoofed source addresses. > > Andrew Blevins > Arrowhead Help Desk > 1-800-669-1889 > x. 8569 > > > -----Original Message----- > From: scott [gts] [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 26, 2001 12:26 PM > To: security-basics > Subject: RE: help - can someone explain this to me? > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > im pretty sure that 10.*, 127.* and 198.* are not routable > on the internet (which is why so many LANs use them), so it > looks like whatever happened to your machine is coming from > inside the LAN where your machine is hosted. > > perhaps a machine that the ISP hosts is infected with > something and throwing out packets to everything on the > LAN...? (maybe it's another damn IIS worm, since it appears > that your ISP hosts mostly NT/IIS machines) > > but dont take my word, that's just a speculation, i'm > not a networking specialist or anything. > > > -----Original Message----- > > From: Steven M Bloomfield [mailto:[EMAIL PROTECTED]] > > Subject: help - can someone explain this to me? > > > > Hi, > > I'm webmaster of a large-ish website and yesterday the > server went > down. > > It is a Redhat 6.1 Linux server. All my ISP would do was press the > 'reset' > > button - very kind of them (they are NT specialists). Inspecting my > > log files I found thousands of denied packets, all seem to > be > > within a period of 6 hours. > > My question is, could such an attack disable my machine and > crash it? > > Can anyone identify what sort of attack it was? > > > > Here's a summary below: > > > > Denied packets from modem-392.awesome.dialup.pol.co.uk > (62.25.129.136). > > Port https (tcp,eth0,input): 5 packet(s). > > Total of 5 packet(s). > > > > Denied packets from 10.10.71.237. > > Port netbios-dgm (udp,eth1,input): 69 packet(s). > > Port netbios-ns (udp,eth1,input): 333 packet(s). > > Total of 402 packet(s). > > > > Denied packets from 10.10.0.4. > > Port netbios-dgm (udp,eth1,input): 496 packet(s). > > Port netbios-ns (udp,eth1,input): 2925 packet(s). > > Total of 3421 packet(s). > > > > Denied packets from userSg017.videon.wave.ca (204.112.48.37). > > Port 500 (udp,eth0,input): 6 packet(s). > > Total of 6 packet(s). > > > > Denied packets from 207.190.199.102. > > Port https (tcp,eth0,input): 11 packet(s). > > Total of 11 packet(s). > > > > Denied packets from 10.10.32.21. > > Port netbios-dgm (udp,eth1,input): 338 packet(s). > > Port netbios-ns (udp,eth1,input): 1742 packet(s). > > Total of 2080 packet(s). > > > > Denied packets from 172.17.0.18. > > Port 1434 (udp,eth1,input): 2 packet(s). > > Total of 2 packet(s). > > > > Denied packets from 10.10.1.37. > > Port netbios-dgm (udp,eth1,input): 496 packet(s). > > Port netbios-ns (udp,eth1,input): 2925 packet(s). > > Total of 3421 packet(s). > > > > Denied packets from 10.10.32.27. > > Port netbios-dgm (udp,eth1,input): 59 packet(s). > > Port netbios-ns (udp,eth1,input): 324 packet(s). > > Total of 383 packet(s). > > > > Denied packets from 10.10.32.28. > > Port netbios-dgm (udp,eth1,input): 107 packet(s). > > Port netbios-ns (udp,eth1,input): 513 packet(s). > > Total of 620 packet(s). > > > > Denied packets from 10.10.0.1. > > Port 0 (tcp,eth1,input): 3 packet(s). > > Total of 3 packet(s). > > > > Denied packets from 10.10.0.3. > > Port bootpc (udp,eth1,input): 19 packet(s). > > Port netbios-dgm (udp,eth1,input): 475 packet(s). > > Port netbios-ns (udp,eth1,input): 2259 packet(s). > > Total of 2753 packet(s). > > > > Thanks, > Steve > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBO9m43caXTGgZdrSUEQIcvgCfZ+8J4IIJNGsEITW9jBHaEhU0bFUAoME/ > jsdkTYNv3uylkRyyhvvyuQzi > =mXgL > -----END PGP SIGNATURE----- >
