lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 17 May 2013 22:22:05 +0300
From: Julius Kivimäki <julius.kivimaki@...il.com>
To: kyle kemmerer <krkemmerer@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: My ISP is routing traffic to private
	addresses...

Many ISPs do this, usually they hijack DoD ranges. It shouldn't cause any
issues.


2013/5/17 kyle kemmerer <krkemmerer@...il.com>

> So today when trying to access a device on my network (172.30.x.x range) I
> was taken to the web interface of a completely different device.  This
> baffled me at first, but after a bit of poking around, I determined that my
> ISP was actually routing traffic to these addresses.  See the trace below
>
>
> Tracing route to 172.30.4.18 over a maximum of 30 hops
>
>   1    11 ms    18 ms    19 ms  XXXXXXXXX
>   2    30 ms   178 ms   212 ms  vl4.aggr1.phdl.pa.rcn.net [208.59.252.1]
>   3    13 ms    18 ms    13 ms  tge0-1-0-0.core1.phdl.pa.rcn.net[207.172.15.50]
>
>   4    37 ms    39 ms    57 ms  tge0-0-0-2.core1.lnh.md.rcn.net[207.172.19.227]
>
>   5    35 ms    34 ms    32 ms  tge0-1-0-1.core1.chgo.il.rcn.net[207.172.19.235
> ]
>   6    42 ms    38 ms    39 ms  port-chan13.aggr2.chgo.il.rcn.net[207.172.15.20
> 1]
>   7    37 ms    39 ms    39 ms
> port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net [
> 207.229.191.132]
>   8    57 ms    61 ms    53 ms  172.30.4.18
>
> Trace complete.
>
>
> So I break out nmap and do a quick scan, and find that there are thousands
> of these devices across this IP range.  Has anybody ever seen anything like
> this?  Surely this must be a mistake, right? If anybody else is using RCN
> as an ISP, can you access these addresses as well?
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ