[PLUG] Odd ping response behavior from private IP addresses
Anthony Schlemmer
aschlemm at attbi.com
Sat Aug 3 05:39:36 UTC 2002
It may be that the cable network has devices on it that are using
private IPs or something. I've had on occasion IPs from 10.x.x.x/8 hit
my firewall. I have my firewall setup to silently drop all incoming
packets from private IPs as listed in RFC1918. I'm also careful to make
sure my firewall will not route any private IPs to the outside network
as well.
Tony
On Friday 02 August 2002 22:00 pm, Matt Alexander wrote:
> I noticed something odd today. There are several private IP
> addresses that I'm able to ping from my home cable Internet
> connection, but the responses come back from valid public IP
> addresses for two other cable Internet users (I'm assuming they're
> users), but with "Time to live exceeded" messages.
>
> So for example, I can ping 172.16.1.5 and I'll get:
>
> From xxx.xxx.xxx.xxx icmp_seq=1 Time to live exceeded
> From xxx.xxx.xxx.xxx icmp_seq=2 Time to live exceeded
>
> And pinging 172.16.1.6 will give me a different public IP:
>
> From yyy.yyy.yyy.yyy icmp_seq=1 Time to live exceeded
> From yyy.yyy.yyy.yyy icmp_seq=2 Time to live exceeded
>
> Pinging other random private IP addresses results in responses from
> one of these two computers. I'm behind a firewall doing NAT for an
> internal 192.168.1.0/24 network, so the 172.16.x.x addresses
> shouldn't respond at all (in theory).
> Any ideas what's going on here? Does someone on the cable network
> outside my firewall have their boxes/routers misconfigured to answer
> for these addresses?
> Thanks,
> ~M
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
--
Anthony Schlemmer
aschlemm at attbi.com
>>>>This machine was last rebooted: 5 days 9:51 hours ago<<
More information about the PLUG
mailing list