'Re: [bidworks] Re: IP Address'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       blackicedefender-technical
Subject:    Re: [bidworks] Re: IP Address
From:       "Rob Habberfield" <robh () robh ! net>
Date:       2001-01-31 3:08:00
[Download RAW message or body]

> > I was looking at the Intruders and Attacks tabs and it shows an IP
> address
> > of 192.168.1.1... For those of you who don't know, that's an
> internal LAN
> > address. 192.168.x.x range is reserved for LANs.
>
> This may not be the wrong IP showing up.
> I'm on a cable segment and I get scans from 192.* and 10.* addresses
> all of the time. People are either misconfiguring their machines at
> home (everything on a HUB), or something similar.  With that as bait,
> all a hacker (on the cable segment) would have to do is scan
> those "internal" addresses until he/she got a reply.

192.168.x.x is reserved. So is 169.254 that Microsoft uses with DHCP when
you can't get a connection (IP Auto-Configuration aka IPAC). So are some of
the 10 class. See below... :)

> > My question is why would BlackICE show 192.168.1.1 instead of the
> > individual's proper IP? Perhaps BlackICE should show both?
>
> If that's true, could it be a NAT issue? Is that person on the same
> cable segment? Does the machine have two IP addresses?
> More topology info would help.

Yes, it could be NAT or any other connection sharing software. From what I
understand about NAT though, the "gateway" computer translates the internal
IP to the external IP with extra information in the packet, and then
translates it back once it gets the reply, those with the MS ICS (for
example) the proper IP address should show up. Unless BlackICE was
deciphering the packet and giving me the internal address (which in the case
of a regular person using BlackICE is useless). I'd imagine that if I fire
up a Hex editor and look at the .enc file I can get more information.

On a side note, have you solved your router issue? I'm having some friends
of mine who work for Comcast look into it as well.

> Peace.
> JJ

R


------------------------ Yahoo! Groups Sponsor ---------------------~-~>
eGroups is now Yahoo! Groups
Click here for more details
http://click.egroups.com/1/11231/1/_/168401/_/980911567/
---------------------------------------------------------------------_->

To Post a message, send it to:   bidworks@eGroups.com
To Unsubscribe, send a blank message to: bidworks-unsubscribe@eGroups.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic