[Dshield] incoming traffic from 192.168.0.1 ????

Tim Winders twinders at SPC.cc.tx.us
Tue Jul 24 21:23:21 GMT 2001


There are (unfortunately) many ISPs who leak these RFC1918 addresses and
just as many who do not filter them on ingress.  Every few months there is
a heated discussion on this subject on the NANOG mailing list.

Unfortunately, there isn't much you can do about it.

Unless you want to complain to your upstream provider, all you can do is
filter those addresses at your end (if you have the capability) and move
on down the road...

=== Tim

     **********************************************
        Tim Winders, MCSE, CNE, CCNA
        Associate Dean of Information Technology
        South Plains College
        Levelland, TX  79336

        Phone:	806-894-9611 x 2369
        FAX:	806-894-1549
        Email:	TWinders at SPC.cc.tx.us
     **********************************************


On Tue, 24 Jul 2001, Marty Keane wrote:

> Hello all,
>
> I'm new to the list so I hope I'm on target with my question. I'm using
> the Linksys router with the latest firmware with a Windows 98 machine. I
> just started logging my incoming traffic to the firewall and recently
> found something very disturbing. Hopefully there's a simple explanation.
> Here are the entries AM (PST)
>
> remote addr                                  remote port   local port
> ----------------------------------------------------------------------
>
> 11:26:51 (first three entries)
>
> 169.254.61.126                               137           137
> 192.168.0.1                                  137           137
> adsl-64-160-96-149.dsl.bkfd14.pacbell.net    137           137
>
> 11:27:19 (remaining entries)
>
> 169.254.61.126                               137           137
> 192.168.0.1                                  137           137
> adsl-64-160-96-149.dsl.bkfd14.pacbell.net    137           137
> 192.168.0.1                                  137           137
> 169.254.61.126                               137           137
>
> My apologies if there is some other formal way of raising this issue,
> but the fact that it's an internal looking address has me concerned. I'm
> aware of the NetBIOS issue with Windows machines and I've cloaked my
> router. One last note is that 192.168.0.1 is neither my router's IP nor
> an IP of a machine on my LAN.
>
> Any insight would be greatly appreciated! Right now I've got my LAN down
> and I am afraid to bring it up until I know what's going on :-/
>
>
> Marty
>
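The filtering "at your end" that the reply describes, as an added example that is not part of the original messages: a Python sketch that classifies the source field of WAN-side log lines and marks RFC 1918 and 169.254.0.0/16 link-local sources for dropping. The one-line log format, `SAMPLE_LOG`, and the function names are assumptions constructed from the entries quoted above.

```python
import ipaddress

# Source ranges that should never arrive on an Internet-facing interface:
# RFC 1918 private space plus 169.254.0.0/16 link-local (both appear in the log).
NON_ROUTABLE = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "link-local": [ipaddress.ip_network("169.254.0.0/16")],
}

# Constructed sample in an assumed "time source remote-port local-port" layout.
SAMPLE_LOG = """\
11:26:51 169.254.61.126 137 137
11:26:51 192.168.0.1 137 137
11:26:51 adsl-64-160-96-149.dsl.bkfd14.pacbell.net 137 137
11:27:19 192.168.0.1 137 137
"""

def classify(source):
    """Return 'rfc1918', 'link-local', 'public' or 'hostname' for a source field."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "hostname"  # the router logged a reverse-DNS name, not an address
    for label, nets in NON_ROUTABLE.items():
        if any(addr in net for net in nets):
            return label
    return "public"

def wan_ingress_verdicts(log_text):
    """Yield (time, source, local_port, label, action) per WAN-side log line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        when, source, _remote_port, local_port = fields
        label = classify(source)
        # Non-routable sources cannot be replied to across the Internet: drop them.
        action = "drop" if label in NON_ROUTABLE else "evaluate"
        yield when, source, int(local_port), label, action

if __name__ == "__main__":
    for row in wan_ingress_verdicts(SAMPLE_LOG):
        print(*row)
```
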




