The 10.0.*, 127.*, and 192.* are not routable addresses; they are 'reserved'. I don't recall ever seeing ISPs using a 10. address as a public IP. I would wonder if I did.
Robert Clark MCSE, MCP+I, MCP, A+ MIS - Texas Cellular

> -----Original Message-----
> From: Andrew Blevins [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 26, 2001 5:02 PM
> To: 'scott [gts]'; security-basics
> Subject: RE: help - can someone explain this to me?
>
>
> That these reserved addresses can't be routed I don't think
> is entirely true (but I'm not a network spec. either! :-) . I
> have seen many ISPs use 10. addresses for their own routers,
> and for all intents and purposes "The Internet" includes
> some ISP networks (cable, DSL). It is very possible that
> someone is spoofing those 10. addresses, and they are still
> being routed through to your box. Many times a DoS contains
> many spoofed source addresses.
>
> Andrew Blevins
> Arrowhead Help Desk
> 1-800-669-1889
> x. 8569
>
>
> -----Original Message-----
> From: scott [gts] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 26, 2001 12:26 PM
> To: security-basics
> Subject: RE: help - can someone explain this to me?
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> i'm pretty sure that 10.*, 127.* and 198.* are not routable
> on the internet (which is why so many LANs use them), so it
> looks like whatever happened to your machine is coming from
> inside the LAN where your machine is hosted.
>
> perhaps a machine that the ISP hosts is infected with
> something and throwing out packets to everything on the
> LAN...? (maybe it's another damn IIS worm, since it appears
> that your ISP hosts mostly NT/IIS machines)
>
> but don't take my word, that's just a speculation, i'm
> not a networking specialist or anything.
>
> > -----Original Message-----
> > From: Steven M Bloomfield [mailto:[EMAIL PROTECTED]]
> > Subject: help - can someone explain this to me?
> >
> > Hi,
> > I'm webmaster of a large-ish website and yesterday the server went down.
> > It is a Redhat 6.1 Linux server. All my ISP would do was press the 'reset'
> > button - very kind of them (they are NT specialists). Inspecting my
> > log files I found thousands of denied packets, all seem to be
> > within a period of 6 hours.
> > My question is, could such an attack disable my machine and crash it?
> > Can anyone identify what sort of attack it was?
> >
> > Here's a summary below:
> >
> > Denied packets from modem-392.awesome.dialup.pol.co.uk (62.25.129.136).
> > Port https (tcp,eth0,input): 5 packet(s).
> > Total of 5 packet(s).
> >
> > Denied packets from 10.10.71.237.
> > Port netbios-dgm (udp,eth1,input): 69 packet(s).
> > Port netbios-ns (udp,eth1,input): 333 packet(s).
> > Total of 402 packet(s).
> >
> > Denied packets from 10.10.0.4.
> > Port netbios-dgm (udp,eth1,input): 496 packet(s).
> > Port netbios-ns (udp,eth1,input): 2925 packet(s).
> > Total of 3421 packet(s).
> >
> > Denied packets from userSg017.videon.wave.ca (204.112.48.37).
> > Port 500 (udp,eth0,input): 6 packet(s).
> > Total of 6 packet(s).
> >
> > Denied packets from 207.190.199.102.
> > Port https (tcp,eth0,input): 11 packet(s).
> > Total of 11 packet(s).
> >
> > Denied packets from 10.10.32.21.
> > Port netbios-dgm (udp,eth1,input): 338 packet(s).
> > Port netbios-ns (udp,eth1,input): 1742 packet(s).
> > Total of 2080 packet(s).
> >
> > Denied packets from 172.17.0.18.
> > Port 1434 (udp,eth1,input): 2 packet(s).
> > Total of 2 packet(s).
> >
> > Denied packets from 10.10.1.37.
> > Port netbios-dgm (udp,eth1,input): 496 packet(s).
> > Port netbios-ns (udp,eth1,input): 2925 packet(s).
> > Total of 3421 packet(s).
> >
> > Denied packets from 10.10.32.27.
> > Port netbios-dgm (udp,eth1,input): 59 packet(s).
> > Port netbios-ns (udp,eth1,input): 324 packet(s).
> > Total of 383 packet(s).
> >
> > Denied packets from 10.10.32.28.
> > Port netbios-dgm (udp,eth1,input): 107 packet(s).
> > Port netbios-ns (udp,eth1,input): 513 packet(s).
> > Total of 620 packet(s).
> >
> > Denied packets from 10.10.0.1.
> > Port 0 (tcp,eth1,input): 3 packet(s).
> > Total of 3 packet(s).
> >
> > Denied packets from 10.10.0.3.
> > Port bootpc (udp,eth1,input): 19 packet(s).
> > Port netbios-dgm (udp,eth1,input): 475 packet(s).
> > Port netbios-ns (udp,eth1,input): 2259 packet(s).
> > Total of 2753 packet(s).
> >
> > Thanks,
> > Steve
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBO9m43caXTGgZdrSUEQIcvgCfZ+8J4IIJNGsEITW9jBHaEhU0bFUAoME/
> jsdkTYNv3uylkRyyhvvyuQzi
> =mXgL
> -----END PGP SIGNATURE-----
>
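
An added example, not part of the original thread: Python code that parses the denied-packet summary format quoted above, classifies each source address as RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback or public, and totals packets per receiving interface. Treating eth0 as the Internet-facing interface is an assumption, based only on the public sources in the summary arriving there; the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the denied-packet summary quoted in the thread.
SAMPLE = """\
Denied packets from modem-392.awesome.dialup.pol.co.uk (62.25.129.136).
Port https (tcp,eth0,input): 5 packet(s).
Denied packets from 10.10.0.4.
Port netbios-dgm (udp,eth1,input): 496 packet(s).
Port netbios-ns (udp,eth1,input): 2925 packet(s).
Denied packets from 172.17.0.18.
Port 1434 (udp,eth1,input): 2 packet(s).
Denied packets from 207.190.199.102.
Port https (tcp,eth0,input): 11 packet(s).
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SRC = re.compile(r"Denied packets from (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?\.")
PORT = re.compile(r"Port (\S+) \((tcp|udp),(\w+),input\): (\d+) packet")

def classify(ip):
    """Return 'loopback', 'rfc1918' or 'public' for a dotted-quad source."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "public"

def summarize(text):
    """Sum denied packets per (interface, source class)."""
    totals = defaultdict(int)
    klass = None  # class of the source whose Port lines are being read
    for line in text.splitlines():
        line = line.strip()
        if (m := SRC.match(line)):
            klass = classify(m.group(1))
        elif (m := PORT.match(line)) and klass:
            totals[(m.group(3), klass)] += int(m.group(4))
    return dict(totals)

def bogons_on(totals, external_iface):
    """Packets with a non-public source seen on the Internet-facing interface."""
    return sum(n for (iface, klass), n in totals.items()
               if iface == external_iface and klass != "public")

if __name__ == "__main__":
    totals = summarize(SAMPLE)
    for key in sorted(totals):
        print(key, totals[key])
    print("non-public sources on eth0:", bogons_on(totals, "eth0"))
```

A non-zero result from `bogons_on` for the external interface would indicate private or loopback source addresses arriving from outside, which is the case ingress filtering is meant to drop.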
