In my experience with Black Ice I have also seen logged attacks from 192.168 entries, all this really meant to me was that the person was not expecting a response back from their packets and that they had spoofed their local IP in order to stop it from being logged correctly by a remote host with an admin who actually checks those things. I wouldn't spend to much time trying to figure out who it was from the NI attack logs since it's most likely just a spoofed IP and even permanently blocking the IP isn't going to buy you much.
Tim -----Original Message----- From: Jim [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:07 PM To: 'Brad Arlt' Cc: [EMAIL PROTECTED] Subject: RE: Questions about 192.168 Brad wrote: <<<<< > 192.168.1.255 are both ping-able). When doing nmap, it shows > 192.168.1.255 as remote, the others as local. However, when I do a > traceroute on these supposedly local ones, it shows a number of hops out > over the Internet, implying that they are not connected locally. Does > this make sense? I am unfamiliar with nmap calling anything "local" or "remote". >>>>> Sorry about that, what it really said was: Host (192.168.1.255) seems to be a subnet broadcast address (returned 1 extra pings). Skipping host. I guess I should have read it a little slower. Jim ------------------------------------------------------------------------ --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
