Security Incidents mailing list archives
Re: Odd entries in my Security Router logs
From: "James C. Slora Jr." <Jim.Slora () phra com>
Date: Wed, 11 Dec 2002 13:44:47 -0500
Andrews, Jonathan wrote Tuesday, December 10, 2002 12:17 PM
> 192.168.0.0/16 is a privately addressed netblock. These packets could not be
> routed over the Internet. Do you NAT at your edge router and were these
> traces obtained from the "internal" interface of your router?
Private addresses _should_ not be routed. They can be and are routed with frustrating regularity. I get (and filter of course) private address traffic from:

    ISP's equipment
    Forged packets
    Overloaded remote NAT devices or firewalls
    Misconfigured NAT
    Misconfigured complex Web sites

Some ISPs filter it out and some don't.
> If so, this would have to be something on your internal network broadcasting
> this traffic.
Probably so, but not necessarily. Depends on whether private addresses were effectively filtered upstream of the network reporting the alert.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
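
The distinction drawn in this message (private-source traffic arriving from upstream versus originating on the internal network) can be checked mechanically when the log records the ingress interface. The following is an added example, not part of the original post; the log layout, the interface names `wan0`/`lan0` and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; 192.168.0.0/16 is the block discussed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log layout (hypothetical): "<timestamp> IN=<iface> SRC=<ip> DST=<ip>"
LINE_RE = re.compile(r"IN=(?P<iface>\S+)\s+SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)")

def is_rfc1918(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)

def classify(line, external_ifaces=("wan0",)):
    """Label one log line by source address class and ingress interface."""
    m = LINE_RE.search(line)
    if m is None:
        return "unparsed"
    if not is_rfc1918(m.group("src")):
        return "public-source"
    if m.group("iface") in external_ifaces:
        # Private source seen on the outside interface: forged, leaked by a
        # misconfigured NAT, or simply not filtered upstream.
        return "private-source-from-outside"
    return "private-source-internal"

def summarize(lines, external_ifaces=("wan0",)):
    """Count lines per classification."""
    return Counter(classify(l, external_ifaces) for l in lines)

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = [
    "Dec 10 12:01:07 IN=wan0 SRC=192.168.1.44 DST=203.0.113.10",
    "Dec 10 12:01:09 IN=lan0 SRC=192.168.0.12 DST=192.168.0.255",
    "Dec 10 12:01:15 IN=wan0 SRC=198.51.100.7 DST=203.0.113.10",
    "Dec 10 12:01:20 IN=wan0 SRC=172.32.0.5 DST=203.0.113.10",  # outside 172.16/12
    "Dec 10 12:02:00 link state change on wan0",
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{count:3d}  {label}")
```
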