[Dshield] RE: (Dshield) Reserved Addresses (And $0.02 on Kornet)
micheal at cancercare.net
Fri Mar 8 16:29:54 GMT 2002
Most cable modems, DSL modems for that matter, are set up in a bridged
configuration. That allows the provider to not have to use at minimum of 3
real ip's at a residential connection. 1 Ip at the serial/HFC port, one on
the ethernet port and one for your PC.
As for the Kornet issue, I remember way back when the internet wasn't that
large. Networks would be blackholed at the NAP if there were major issues.
USNET still does this on occasion as does many of the IRC networks that are
still in existance.
Here's my personal take on it.
- Each end of the problem has a network to maintain.
- Each end has responsibilities to ensure that they're network isn't
directly affecting the network of others in a harmful way. - SA's are much
in the line of the ship captain. They should know their equipment, it's
capabilities and how it's used at any time.
- An SA should be open to suggestions/recommendations from the outside
networks in the event that their network causes issues remotely.
-An SA should be responsive to issues as they arise to the best of their
ability. If they can't do these things, they have no business in the
position to start with.
I'm not perfect and I don't know everything. In comparison to some, I know
very little, to others, I'm an Einstein. That's the way life in IT is these
As for the comments by others earlier in this thread about allowing them to
save face it's not going to happen. If they're sending traffic my way that I
don't want or authorize, it won't get here. If they don't want to deal with
the issues before they leave their router, then it's up to the rest of the
Internet (us folks) to deal with at our end. Eventially, the law of averages
will come into play and they'll find themself with all the bandwidth that
they need, but no place to connect to.
Cancer Care Network
----- Original Message -----
From: "David Sentelle" <David.Sentelle at cnbcbank.com>
To: <list at dshield.org>
Sent: Thursday, March 07, 2002 11:16 AM
Subject: [Dshield] RE: (Dshield) Reserved Addresses (And $0.02 on Kornet)
> Yes, ISP's have some interesting routing tricks they do. For instance, at
home on my cable modem, all traffic is routed through a 10.0.32.1 IP
address. I've also noticed occasional connection attempts from similar IPs.
> I find this interesting since on my traceroutes there is no indication
that I even have a firewall between myself and the cable modem. As I
understand it, from my home machine, my firewall should be the first hop on
> I think I even made posts to this list about it when I first noticed that
was going on. Fortunately, another person said they had seen that trick on
their cable ISP.
> And for my $0.02 on Kornet... I find it very hard to believe that the IT
people at Kornet aren't required to know english. I've never worked
internationally, but I was under the impression that if you worked on PCs
anywhere, you had to know at least a little english. Sure you can run
windows in a number of language modes, but that doesn't mean that all
software supports it.
> Has anyone seen a router that can be configured in Korean?
> David Sentelle
> Network Operations Specialist
> Commerce National Bank
> 614.334.6282 Voice 614.848.8830 Fax
> >>> list-request at dshield.org 03/07/02 12:02PM >>>
> Message: 1
> From: "Toney, Mark" <mtoney at sodexhoUSA.com>
> To: "\"Dshield\" " <list at dshield.org>,
> "\"Keith Gainford\" "
> <keith.gainford at btopenworld.com>
> Date: Wed, 6 Mar 2002 16:55:00 -0500
> Subject: [Dshield] RE: (Dshield) Reserved Addresses
> Reply-To: list at dshield.org
> Port 137 UDP could be either TROJ_MSINIT.A (see
> INIT.A) or NETBIOS Name Service.
> Since it's coming from a 10.X.X.X address, would it be safe to assume
> that Keith's ISP probably has a machine with that address that is
> sending the queries?
> ______________________________ Reply Separator
> Subject: (Dshield) Reserved Addresses
> Author: "Keith Gainford" <SMTP:keith.gainford at btopenworld.com> at BUFFALO
> Date: 3/6/2002 1:43 PM
> I received two Port 137 UDP attacks from addresses within the 10.x.x.x
> block. I am a home user and am not very knowledgable about the reasons for
> Reserved Addresses. Is there any way of finding out where they have come
> from, and who if anyone to report this abuse to.
> Keith G
> This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they are
addressed. If you have received this e-mail in error, please notify
admin at cnbcbank.com and delete it from your system.
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list