[Dshield] RFC1918 addresses (was: Spam Problem)

Bruyere, Michel mbruyere at ezemcanada.com
Mon Jan 12 19:51:14 GMT 2004







<SNIP>
> With one exception... if the RFC1918 host is within your ISP's network, it
> might indeed complete a connection to your system.  While working with a
> connectivity test program for our laptop users, I discovered that I could
> ping some RFC1918 IPs from a Comcast connection (with no VPN tunnel
> established).
> 

Some ISP uses Private IPs to manage their hardware. For example, there is
one ISP here that uses 10.0.*.* addresses to manage their cable modem. I
found this out by capturing the data "before" the modem. After knowing that,
I could scan the 10.0.*.* range to find out which modem was on or off and/or
even connect to them. I was wondering where these packets were coming
from... so I've setup some monitoring and did some ports scans to find
out....

It wasn't routable over the internet but could have been accessed on the
"LAN" the ISP used to manage the devices.




More information about the list mailing list