[Dshield] RE: (Dshield) Reserved Addresses (And $0.02 on Kornet)
bob88 at garbonzo.hos.ufl.edu
Fri Mar 8 04:46:09 GMT 2002
David Sentelle wrote:
> Yes, ISP's have some interesting routing tricks they do. For instance, at home on my cable modem, all traffic is routed through a 10.0.32.1 IP address. I've also noticed occasional connection attempts from similar IPs.
It may be that they are scanning the network to look for various vulnerable servers,
etc., either so they can notify customers with problem systems (this doesn't seem
to happen often), or to gather information about what is on their network to
enforce their usage policies, plan for future expansion, or whatever.
> I find this interesting since on my traceroutes there is no indication that I even have a firewall between myself and the cable modem. As I understand it, from my home machine, my firewall should be the first hop on ANY traceroute.
Yes, it should. And there is nothing your ISP can do to change that. Either your
firewall isn't a firewall, or it is designed to be invisible to a traceroute (i.e.
it doesn't decrement the time to live counter in your outbound packets). Some
firewalls are designed to behave that way to make it harder for an attacker to
figure out that the firewall exists.
More information about the list