| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 May 2013 15:08:23 -0400
From: kyle kemmerer <krkemmerer@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: My ISP is routing traffic to private addresses...
So today when trying to access a device on my network (172.30.x.x range) I
was taken to the web interface of a completely different device. This
baffled me at first, but after a bit of poking around, I determined that my
ISP was actually routing traffic to these addresses. See the trace below
Tracing route to 172.30.4.18 over a maximum of 30 hops
1 11 ms 18 ms 19 ms XXXXXXXXX
2 30 ms 178 ms 212 ms vl4.aggr1.phdl.pa.rcn.net [208.59.252.1]
3 13 ms 18 ms 13 ms tge0-1-0-0.core1.phdl.pa.rcn.net[207.172.15.50]
4 37 ms 39 ms 57 ms tge0-0-0-2.core1.lnh.md.rcn.net[207.172.19.227]
5 35 ms 34 ms 32 ms tge0-1-0-1.core1.chgo.il.rcn.net[207.172.19.235
]
6 42 ms 38 ms 39 ms port-chan13.aggr2.chgo.il.rcn.net[207.172.15.20
1]
7 37 ms 39 ms 39 ms
port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net [
207.229.191.132]
8 57 ms 61 ms 53 ms 172.30.4.18
Trace complete.
So I break out nmap and do a quick scan, and find that there are thousands
of these devices across this IP range. Has anybody ever seen anything like
this? Surely this must be a mistake, right? If anybody else is using RCN
as an ISP, can you access these addresses as well?
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists