[Dshield] incoming traffic from 192.168.0.1 ????

BarkerJr barkjr at home.com
Thu Jul 26 16:52:29 GMT 2001


A traceroute (tracert) to 192.168.0.1 would be nice...

Linksys routers are on 192.168.1.1, by the way.

-BarkerJr

----- Original Message ----- 
From: "Eric Rosander" <erosander at matrixns.com>
To: <dshield at dshield.org>
Sent: Thursday, July 26, 2001 12:29 PM
Subject: RE: [Dshield] incoming traffic from 192.168.0.1 ????


> A spoofed address or nmap decoy was my first thought.
> 
> -----Original Message-----
> From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
> Behalf Of Jay Wren
> Sent: Thursday, July 26, 2001 8:29 AM
> To: 'dshield at dshield.org'
> Subject: RE: [Dshield] incoming traffic from 192.168.0.1 ????
> 
> 
> It could very well be a spoofed ip?
> 
> -J
> 
> -----Original Message-----
> From: patv at monmouth.com [mailto:patv at monmouth.com]
> Sent: Thursday, July 26, 2001 11:30 AM
> To: dshield at dshield.org
> Subject: RE: [Dshield] incoming traffic from 192.168.0.1 ????
> 
> 
> Don't be so quick on dismissing this.  The original email specifically stated
> that it isn't the ip for his lan.  Additionally, I've gotten scans from
> reserved ip addresses before.  I don't know how it was done (although I have
> some suspicions), but it is real.
> 
> Pat
> 
> > 192.168 is the range of reserved class C nets.  These are not routable and
> > are commonly used for private LANs that are generally masqueraded by
> > firewalls or proxy servers.  Check to see if this is not just the internal
> > interface address of your linksys.  I haven't used that product.  But that
> > would not surprise me.  In any event, there is no point worrying about
> > a threat from that address.  It is not routable on the 'net anyway.
> > BTW, the reserved nets are 10.0.0.0 (class A), 172.16-31.0.0 (class Bs) and
> > 192.168.0-255.0 (class Cs).
> >
> > -----Original Message-----
> > From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
> > Behalf Of airratt
> > Sent: Tuesday, July 24, 2001 3:01 PM
> > To: dshield at dshield.org
> > Subject: Re: [Dshield] incoming traffic from 192.168.0.1 ????
> >
> >
> > My dig of that IP 192.168.0.1 is :BLACKHOLE.ISI.EDU
> >
> >
> > ----- Original Message -----
> > From: "Marty Keane" <mkeane89 at pacbell.net>
> > To: <dshield at dshield.org>
> > Sent: Tuesday, July 24, 2001 3:49 PM
> > Subject: [Dshield] incoming traffic from 192.168.0.1 ????
> >
> >
> > > Hello all,
> > >
> > > I'm new to the list so I hope I'm on target with my question. I'm using
> > > the linksys router with the latest firmware with a windows 98 machine. I
> > > just started logging my incoming traffic to the firewall and recently
> > > found something very disturbing. Hopefully there's a simple
> > > explanation. Here are the entries AM (PST)
> > >
> > > remote addr                                 remote port   local port
> > > ----------------------------------------------------------------------
> > >
> > > 11:26:51  (first three entries)
> > >
> > > 169.254.61.126                              137           137
> > > 192.168.0.1                                 137           137
> > > adsl-64-160-96-149.dsl.bkfd14.pacbell.net   137           137
> > >
> > > 11:27:19 (remaining entries)
> > >
> > > 169.254.61.126                              137           137
> > > 192.168.0.1                                 137           137
> > > adsl-64-160-96-149.dsl.bkfd14.pacbell.net   137           137
> > > 192.168.0.1                                 137           137
> > > 169.254.61.126                              137           137
> > >
> > > My apologies if there is some other formal way of raising this
> > > issue, but the fact that it's an internal looking address has me
> > > concerned. I'm aware of the net-bios issue with windows
> > > machines and I've cloaked my router. One last note is that
> > > 192.168.0.1 is neither my router's ip nor an ip of a machine on my
> > > LAN.
> > >
> > > Any insight would be greatly appreciated! Right now I've got my LAN down
> > > and I am afraid to bring it up until I know what's going on :-/
> > >
> > >
> > > Marty




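
Added example, not part of the thread or written by any of its posters: a small Python check that runs the entries from the original post through the reserved ranges listed above and counts the WAN-side hits whose source is not a routable Internet address. The one-line-per-entry log layout, the function names and the 192.168.1.0/24 LAN subnet are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Ranges named in the thread, plus 169.254.0.0/16 (link-local), which also
# appears in the posted log.
NON_ROUTABLE = {
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "link-local": ("169.254.0.0/16",),
}

# Constructed sample: the posted entries as "remote_addr remote_port local_port".
SAMPLE_LOG = """\
169.254.61.126 137 137
192.168.0.1 137 137
adsl-64-160-96-149.dsl.bkfd14.pacbell.net 137 137
169.254.61.126 137 137
192.168.0.1 137 137
adsl-64-160-96-149.dsl.bkfd14.pacbell.net 137 137
192.168.0.1 137 137
169.254.61.126 137 137
"""

def classify(source):
    """Return 'rfc1918', 'link-local', 'public' or 'hostname'."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "hostname"  # the log printed a reverse-DNS name instead
    for label, nets in NON_ROUTABLE.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return label
    return "public"

def review(log_text, lan_net="192.168.1.0/24"):
    """Count entries with a non-routable source; lan_net is an assumed LAN subnet."""
    lan = ipaddress.ip_network(lan_net)
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue  # skip blank or malformed lines
        kind = classify(parts[0])
        if kind in ("rfc1918", "link-local"):
            # 'foreign' means the address is reserved but not from our own LAN
            origin = "own-lan" if ipaddress.ip_address(parts[0]) in lan else "foreign"
            hits[(parts[0], int(parts[2]), kind, origin)] += 1
    return hits
```

Calling review(SAMPLE_LOG) returns a Counter keyed by (source, local port, range, origin); pass the real LAN subnet as lan_net when it differs from the assumed one.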