[Dshield] incoming traffic from 192.168.0.1 ????

patv@monmouth.com patv at monmouth.com
Thu Jul 26 15:30:00 GMT 2001


Don't be so quick on dismissing this.  The original email specifcally
stated that it isn't the ip for his lan.  Additionally, I've gotten scans
from reserved ip addresses before.  I don't know how it was done (although
I have some suspicions), but it is real.

Pat

> 192.168 is the range of reserved class C nets.  These are not routable
and
> are commonly used for private LANs that are generally masqueraded by
> firewalls or proxy servers.  Check to see if this is not just the
internal
> interface address of your linksys.  I haven't used that product.  But
that
> would not surprise me.  In any event, there is no point worrying about a
> threat from that address.  It is not routable on the 'net anyway.  BTW,
the
> reserved nets are 10.0.0.0 (class A), 172.16-31.0.0 (class Bs) and
> 192.168.0-255.0 (class Cs).
> 
> -----Original Message-----
> From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
> Behalf Of airratt
> Sent: Tuesday, July 24, 2001 3:01 PM
> To: dshield at dshield.org
> Subject: Re: [Dshield] incoming traffic from 192.168.0.1 ????
> 
> 
> My dig of that IP 192.168.0.1 is :BLACKHOLE.ISI.EDU
> 
> 
> ----- Original Message -----
> From: "Marty Keane" <mkeane89 at pacbell.net>
> To: <dshield at dshield.org>
> Sent: Tuesday, July 24, 2001 3:49 PM
> Subject: [Dshield] incoming traffic from 192.168.0.1 ????
> 
> 
> > Hello all,
> >
> > I'm new to the list so I hope I'm on target with my question. I'm
using
> > the linksys
> > router with the latest firmware with a windows 98 machine. I just
> > started logging my incoming
> > traffic to the firewall and recently found something very disturbing.
> > Hopefully there's a simple
> > explanation. Here are the entries AM (PST)
> >
> > remote addr
> > remote port                local port
> >
--------------------------------------------------------------------------
> --------------
> >
> > 11:26:51  (first three entries)
> >
> > 169.254.61.126
> > 137                            137
> > 192.168.0.1
> > 137                            137
> > adsl-64-160-96-149.dsl.bkfd14.pacbell.net
> > 137                            137
> >
> > 11:27:19 (remaining entries)
> >
> > 169.254.61.126
> > 137                            137
> > 192.168.0.1
> > 137                            137
> > adsl-64-160-96-149.dsl.bkfd14.pacbell.net
> > 137                            137
> > 192.168.0.1
> > 137                            137
> > 169.254.61.126
> > 137                            137
> >
> > My apologies if there is some other formal way of raising this issue,
> > but the fact that it's
> > an internal looking address has me concerned. I'm aware of the
net-bios
> > issue with windows
> > machines and I've cloaked my router. One last note is that 192.168.0.1
> > is neither
> > my router's ip nor an ip of a machine on my LAN.
> >
> > Any insight would be greatly appreciated! Right now I've got my LAN
down
> > and I
> > am afraid to bring it up until I know what's going on :-/
> >
> >
> > Marty
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/dshield
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/dshield
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
> 


---------------------------------------------
This message was sent using MI-Webmail.
No matter where you are, never lose touch.
Get your Email using MI-Webmail.
http://www.monmouth.com/





More information about the list mailing list