[Dshield] incoming traffic from 192.168.0.1 ????

ALEPH aleph0 at pacbell.net
Thu Jul 26 05:36:16 GMT 2001


192.168 is the range of reserved class C nets.  These are not routable and
are commonly used for private LANs that are generally masqueraded by
firewalls or proxy servers.  Check to see if this is not just the internal
interface address of your linksys.  I haven't used that product.  But that
would not surprise me.  In any event, there is no point worrying about a
threat from that address.  It is not routable on the 'net anyway.  BTW, the
reserved nets are 10.0.0.0 (class A), 172.16-31.0.0 (class Bs) and
192.168.0-255.0 (class Cs).

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of airratt
Sent: Tuesday, July 24, 2001 3:01 PM
To: dshield at dshield.org
Subject: Re: [Dshield] incoming traffic from 192.168.0.1 ????


My dig of that IP 192.168.0.1 is :BLACKHOLE.ISI.EDU


----- Original Message -----
From: "Marty Keane" <mkeane89 at pacbell.net>
To: <dshield at dshield.org>
Sent: Tuesday, July 24, 2001 3:49 PM
Subject: [Dshield] incoming traffic from 192.168.0.1 ????


> Hello all,
>
> I'm new to the list so I hope I'm on target with my question. I'm using
> the linksys
> router with the latest firmware with a windows 98 machine. I just
> started logging my incoming
> traffic to the firewall and recently found something very disturbing.
> Hopefully there's a simple
> explanation. Here are the entries AM (PST)
>
> remote addr
> remote port                local port
> --------------------------------------------------------------------------
--------------
>
> 11:26:51  (first three entries)
>
> 169.254.61.126
> 137                            137
> 192.168.0.1
> 137                            137
> adsl-64-160-96-149.dsl.bkfd14.pacbell.net
> 137                            137
>
> 11:27:19 (remaining entries)
>
> 169.254.61.126
> 137                            137
> 192.168.0.1
> 137                            137
> adsl-64-160-96-149.dsl.bkfd14.pacbell.net
> 137                            137
> 192.168.0.1
> 137                            137
> 169.254.61.126
> 137                            137
>
> My apologies if there is some other formal way of raising this issue,
> but the fact that it's
> an internal looking address has me concerned. I'm aware of the net-bios
> issue with windows
> machines and I've cloaked my router. One last note is that 192.168.0.1
> is neither
> my router's ip nor an ip of a machine on my LAN.
>
> Any insight would be greatly appreciated! Right now I've got my LAN down
> and I
> am afraid to bring it up until I know what's going on :-/
>
>
> Marty
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list