[Dshield] RE: (Dshield) Reserved Addresses (And $0.02 on Kornet)

Bob Johnson bob88 at garbonzo.hos.ufl.edu
Fri Mar 8 04:46:09 GMT 2002


David Sentelle wrote:
> 
> Yes, ISP's have some interesting routing tricks they do.  For instance, at home on my cable modem, all traffic is routed through a 10.0.32.1 IP address.  I've also noticed occasional connection attempts from similar IPs.
>

It may be that they are scanning the network to look for various vulnerable servers, 
etc., either so they can notify customers with problem systems (this doesn't seem 
to happen often), or to gather information about what is on their network to 
enforce their usage policies, plan for future expansion, or whatever.
 
> I find this interesting since on my traceroutes there is no indication that I even have a firewall between myself and the cable modem.  As I understand it, from my home machine, my firewall should be the first hop on ANY traceroute.

Yes, it should.  And there is nothing your ISP can do to change that.  Either your 
firewall isn't a firewall, or it is designed to be invisible to a traceroute (i.e. 
it doesn't decrement the time to live counter in your outbound packets).  Some 
firewalls are designed to behave that way to make it harder for an attacker to 
figure out that the firewall exists.

- Bob




More information about the list mailing list