[Dshield] Scanning from 127.0.0.1

Kenneth Porter shiva at sewingwitch.com
Fri Sep 26 20:09:35 GMT 2003


--On Friday, September 26, 2003 8:28 AM -0700 John Hardin
<johnh at aproposretail.com> wrote:

> 2) Reserved private IPs (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) have
> no business on the Internet. Period. They should be discarded on all ISP
> backbone boundary routers, source IP or destination IP. Period. Unless
> the ISP is for some reason assigning their clients reserved IP
> addresses, their client-side routers (e.g. DSL and dialup concentrators)
> should also discard those ranges, source IP or destination IP. Period.
> If they are assigning their clients reserved private IPs, then only the
> blocks they are using should be permitted on the client-side routers. 

FYI, Comcast (previously AT&T) is using the 10/8 block for some kind of
internal network and this address shows up in traceroute replies from their
routers and from their DHCP relays. This prevents customers from using ingress
filtering for these netblocks if they want to use traceroute or DHCP (and they
must use the latter).

Here are the first few entries for a traceroute to our favorite service:

traceroute to dshield.org (63.100.47.44), 30 hops max, 38 byte packets
 1  10.144.224.1 (10.144.224.1)  17.699 ms  13.924 ms  12.223 ms
 2  12.244.97.97 (12.244.97.97)  15.083 ms  9.119 ms  8.098 ms
 3  12.244.67.86 (12.244.67.86)  8.664 ms  8.435 ms  9.344 ms
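
Added example, not part of the original message: a Python sketch that parses the traceroute hops quoted above and reports which replies a blanket RFC 1918 source-address filter would drop, and how a narrow exception changes that. The function names and the /32 exception for the observed first hop are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 blocks named in the quoted message.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First hops of the traceroute output quoted in the message above.
SAMPLE = """\
 1  10.144.224.1 (10.144.224.1)  17.699 ms  13.924 ms  12.223 ms
 2  12.244.97.97 (12.244.97.97)  15.083 ms  9.119 ms  8.098 ms
 3  12.244.67.86 (12.244.67.86)  8.664 ms  8.435 ms  9.344 ms
"""

# Hop number, hostname column, then the address in parentheses.
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_hops(text):
    """Return [(hop_number, ip_address)] for each responding hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return hops

def filter_verdicts(hops, exceptions=()):
    """Decide per hop whether a source-address ingress filter drops the reply.

    exceptions: networks the ISP is known to use for its own routers and
    DHCP relays (hypothetical parameter); replies from these are accepted
    even though they fall inside RFC 1918 space.
    """
    allow = [ipaddress.ip_network(n) for n in exceptions]
    verdicts = []
    for num, ip in hops:
        private = any(ip in net for net in RFC1918)
        excepted = any(ip in net for net in allow)
        verdict = "drop" if private and not excepted else "accept"
        verdicts.append((num, str(ip), verdict))
    return verdicts

if __name__ == "__main__":
    for label, exc in (("blanket RFC 1918 drop", ()),
                       ("exception for observed first hop", ("10.144.224.1/32",))):
        print(label)
        for num, ip, verdict in filter_verdicts(parse_hops(SAMPLE), exc):
            print(f"  hop {num}: {ip:15} {verdict}")
```

The DHCP relay address is not shown in the message, so a real exception list would also need that address identified from the customer's own DHCP traffic.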



