[Dshield] Looks strange to me

Paul Marsh pmarsh at nmefdn.org
Fri Aug 26 18:06:25 GMT 2005


I guess it's the LAN side of the DSL.  The following is the routing
table from the router.

 Destination, Mask, Gateway, Metric, Active
192.168.0.0, 255.255.255.0, 192.168.0.1, 1, Yes
10.9.95.1, 255.255.255.255, 10.9.95.1, 1, Yes

I did a tracert and it hopped from the LAN 192.168.0.1 right to
10.9.95.1

It just looked strange.

Thanx, Paul

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Richard Golodner
Sent: Friday, August 26, 2005 11:23 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] Looks strange to me

Paul, I think Jeanne-Pierre asks a good question, what do you see when
you trace to the 10.x.x.x.? I have seen my own Wan connection running
through RFC 1918 space before it leaves Comcast. Send the details as
they become available to you.
Richard

-----Original Message-----
From: Paul Marsh [mailto:pmarsh at nmefdn.org]
Sent: Friday, August 26, 2005 11:04 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Looks strange to me


Richard:

  Sorry for being short on details, I hope to dig deeper later this
afternoon or over the weekend.  Only TCP is running on the network and
as far as I know no SNMP is running.

Thanx, Paul

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Richard Golodner
Sent: Friday, August 26, 2005 9:49 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] Looks strange to me

Paul, what other protocols are being run at your client's site besides
IP?
Maybe none, but I am trying to get some more clues. Are they using SNMP?
Any other info would be helpful.
Richard

-----Original Message-----
From: pmarsh [mailto:forum at dshield.org]
Sent: Thursday, August 25, 2005 9:36 PM
To: list at lists.dshield.org
Subject: [Dshield] Looks strange to me



I was at a client and took a look at the routing table of his netgear
router
and noticed the following.

10.9.95.1
255.255.255.255

I said to my self, self that's a private IP that's not part of his
subnet
192.168.0.* and it's also a broadcast subnet mask?

I did a little nmap against it and many random ports responded.


There are other issue that I need to address first, does anyone have any
idea what this could be?  I unplugged every device on the network and it
still responded so maybe it's the lan side of the dsl modem?  Or maybe I
just really need some rest, it sure looks strange to me.

Thanx, Paul


This message was sent via the web forum at
http://forum.dshield.org


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

The information in this transmittal (including attachments, if any) is
privileged and confidential and is intended only for the recipient(s)
listed
above. Any review, use, disclosure, distribution or copying of this
transmittal is prohibited except by or on behalf of the intended
recipient.
If you have received this transmittal in error, please notify me
immediately
by reply email and destroy all copies of the transmittal. Thank you.


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. Thank you.



More information about the list mailing list