RE: Antwort: RFC 1911 IPs in my firewall logs

Fri, 25 Jan 2002 09:57:40 -0800 


Actually, Win98 uses the APIPA address of 169.254.x.x also.

JJ
Jeff Johnson, MCSE 2000, MCSE+I, CNA
Senior Consultant
Information Risk Management Group
Crowe Chizek and Company LLP


                                                                                       
                                 
                    "Mark McNally"                                                     
                                 
                    <mark.mcnally@acein       To:     <[EMAIL PROTECTED]>, 
<[EMAIL PROTECTED]>                      
                    fo.net.au>                cc:     
<[EMAIL PROTECTED]>                               
                                              Subject:     RE: Antwort: RFC 1911 IPs 
in my firewall logs                
                    01/23/2002 07:19 PM                                                
                                 
                                                                                       
                                 
                                                                                       
                                 




Only W2k and WinXP use 169.254.x.y if there is no DHCP server, Win9x
uses 192.168.*.

Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 22 January 2002 10:08 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Antwort: RFC 1911 IPs in my firewall logs

No thats not entirely right because the Automatic Private IP Adressing
(APIPA) Feature of Windows uses Adresses in the Range 169.254.x.y

Andreas Balg
X-MD

-----Original Message-----
From: Carsten.Schuette [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 19, 2002 1:42 PM
To: security-basics
Subject: Antwort: RFC 1911 IPs in my firewall logs


If I remember right, setting a NIC in Windows to DHCP and there is no
Server, the IP is set to something in 192.168.*. Maybe there is Winbox
near
You spamming the line?




Hello all,

Reviewing my home office firewall logs, I noticed an
entry in which someone tried to connect to my
external interface with an IP of 192.168.50.xx.  I
assume it's a spoofed address, but I just don't know
how they got it to traverse the Internet?  How can that
be routed?

Thanks.




HITCON AG
Carsten Schütte
Gartenstasse 208
48147 Münster
Telefon:     0251/2801-129
Telefax:     0251/2801-280
Mobil:  0170/6364-129
E-Mail:      [EMAIL PROTECTED]
Internet:    http://www.hitcon.de






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message may contain privileged or confidential information.  If you
are not the intended recipient of this message, you may not make any use
of, or rely in any way on, this information, and you should destroy this
message and notify the sender by reply email.  Any opinions or advice
contained in this email are subject to the terms and conditions in any
applicable client engagement letter or service agreement.

Reply via email to