Security Breach ?

Status
Not open for further replies.

IanRob

Technical User
Jan 16, 2001
AU
Hope I am in the right forum, but I found the following whilst investigating (backtracing) the traffic log my firewall produced. Anyone know what it is about, and do I have a problem? This is one of many (some are blocked & some are allowed for some reason).
IANA (RESERVED-6)
Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
US

Netname: RESERVED-10
Netblock: 10.0.0.0 - 10.255.255.255

Coordinator:
Internet Corporation for Assigned Names and Numbers (IANA-ARIN) res-ip@iana.org
(310) 823-9358

Domain System inverse mapping provided by:

BLACKHOLE-1.IANA.ORG 192.0.32.18
BLACKHOLE-2.IANA.ORG 192.0.32.19

These blocks are reserved for special purposes.
Please see RFC 1918 for additional information.

Record last updated on 12-Oct-2001.
Database last updated on 23-Aug-2002 16:56:03 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
 
IanRob,

You need to take a look at RFC 1918 on Private Network Numbering. Basically it allows for a block of Class A (10.x.x.x), Class B (172.16.x.x - 172.31.x.x) and Class C (192.168.x.x) addresses that will never be allocated on the Internet.

These numbers can be used on any private network, and are used by most ISPs and many other organizations to number their internal network, while allowing them to use a relatively small public address block.

This means that you captured IP addresses that are either on your own internal network, or on your ISP's network. The best way to see where they actually are originating from is to run a traceroute from your firewall and see where they end up.

I have had packets that were sent by someone not familiar with NAT, that neglected to rewrite the source address and they sent a private address instead. In these cases, it was simply a problem with the end user's configuration. But that is extremely rare.

Normally, it is someone who is dial-up on your ISP, or it is a compromised machine on your ISP's network that is attempting to access your site.

Anyone else have any different experiences?

pansophic
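
Added example, not part of the original thread: one way to pull RFC 1918 source addresses out of a firewall log and see which were allowed or blocked on the external interface, before tracing them as suggested above. The log format, the interface name `wan` and the sample lines are constructed assumptions; adapt the regular expression to your firewall's output.

```python
import ipaddress
import re
from collections import Counter

# The three RFC 1918 private blocks named in the reply above.
RFC1918 = {
    "10.0.0.0/8": ipaddress.ip_network("10.0.0.0/8"),
    "172.16.0.0/12": ipaddress.ip_network("172.16.0.0/12"),
    "192.168.0.0/16": ipaddress.ip_network("192.168.0.0/16"),
}

# Constructed sample log; the field layout is an assumption, not a real product format.
SAMPLE_LOG = """\
2002-08-23 16:01:12 BLOCK in=wan src=10.14.3.7 dst=203.0.113.5 dport=137
2002-08-23 16:01:40 ALLOW in=wan src=10.14.3.7 dst=203.0.113.5 dport=80
2002-08-23 16:02:03 ALLOW in=wan src=198.51.100.23 dst=203.0.113.5 dport=80
2002-08-23 16:02:31 BLOCK in=wan src=172.20.1.9 dst=203.0.113.5 dport=445
2002-08-23 16:03:02 ALLOW in=lan src=192.168.1.10 dst=198.51.100.23 dport=443
2002-08-23 16:03:15 BLOCK in=wan src=172.32.0.1 dst=203.0.113.5 dport=23
"""
LINE_RE = re.compile(r"(?P<action>ALLOW|BLOCK) in=(?P<iface>\S+) src=(?P<src>\S+)")

def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # malformed address field
    for name, net in RFC1918.items():
        if ip in net:
            return name
    return None

def private_sources_on_wan(log_text, wan_iface="wan"):
    """Count (src, block, action) for private sources seen on the external interface."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["iface"] != wan_iface:
            continue  # inside-interface traffic from private space is expected
        block = rfc1918_block(m["src"])
        if block:
            hits[(m["src"], block, m["action"])] += 1
    return hits

if __name__ == "__main__":
    for (src, block, action), n in sorted(private_sources_on_wan(SAMPLE_LOG).items()):
        print(f"{src:<15} {block:<15} {action:<5} x{n}")
```

A private source that shows up with both ALLOW and BLOCK entries on the outside interface, as 10.14.3.7 does in the sample, points at a rule that matches on port or destination without checking the source range.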
 