[Dshield] RE: (Dshield) Reserved Addresses (And $0.02 on Kornet)
David.Sentelle at cnbcbank.com
Thu Mar 7 17:16:29 GMT 2002
Yes, ISP's have some interesting routing tricks they do. For instance, at home on my cable modem, all traffic is routed through a 10.0.32.1 IP address. I've also noticed occasional connection attempts from similar IPs.
I find this interesting since on my traceroutes there is no indication that I even have a firewall between myself and the cable modem. As I understand it, from my home machine, my firewall should be the first hop on ANY traceroute.
I think I even made posts to this list about it when I first noticed that was going on. Fortunately, another person said they had seen that trick on their cable ISP.
And for my $0.02 on Kornet... I find it very hard to believe that the IT people at Kornet aren't required to know english. I've never worked internationally, but I was under the impression that if you worked on PCs anywhere, you had to know at least a little english. Sure you can run windows in a number of language modes, but that doesn't mean that all software supports it.
Has anyone seen a router that can be configured in Korean?
Network Operations Specialist
Commerce National Bank
614.334.6282 Voice 614.848.8830 Fax
>>> list-request at dshield.org 03/07/02 12:02PM >>>
From: "Toney, Mark" <mtoney at sodexhoUSA.com>
To: "\"Dshield\" " <list at dshield.org>,
"\"Keith Gainford\" "
<keith.gainford at btopenworld.com>
Date: Wed, 6 Mar 2002 16:55:00 -0500
Subject: [Dshield] RE: (Dshield) Reserved Addresses
Reply-To: list at dshield.org
Port 137 UDP could be either TROJ_MSINIT.A (see
INIT.A) or NETBIOS Name Service.
Since it's coming from a 10.X.X.X address, would it be safe to assume
that Keith's ISP probably has a machine with that address that is
sending the queries?
______________________________ Reply Separator
Subject: (Dshield) Reserved Addresses
Author: "Keith Gainford" <SMTP:keith.gainford at btopenworld.com> at BUFFALO
Date: 3/6/2002 1:43 PM
I received two Port 137 UDP attacks from addresses within the 10.x.x.x
block. I am a home user and am not very knowledgable about the reasons for
Reserved Addresses. Is there any way of finding out where they have come
from, and who if anyone to report this abuse to.
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error, please notify admin at cnbcbank.com and delete it from your system.
More information about the list