lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5196E25A.9050007@baribault.net>
Date: Fri, 17 May 2013 22:07:22 -0400
From: Gary Baribault <gary@...ibault.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: My ISP is routing traffic to private
	addresses...

If they use the 10.0.0.0/8 there's no harm, if they use a DOD range or
another 'public' routable range, there is definitely a risk.

Gary B

Gary Baribault
Courriel: gary@...ibault.net
GPG Key: 0x685430d1
Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1

On 05/17/2013 03:22 PM, Julius Kivimäki wrote:
> Many ISPs do this, usually they hijack DoD ranges. It shouldn't cause
> any issues.
>
>
> 2013/5/17 kyle kemmerer <krkemmerer@...il.com
> <mailto:krkemmerer@...il.com>>
>
>     So today when trying to access a device on my network (172.30.x.x
>     range) I was taken to the web interface of a completely different
>     device.  This baffled me at first, but after a bit of poking
>     around, I determined that my ISP was actually routing traffic to
>     these addresses.  See the trace below
>
>
>     Tracing route to 172.30.4.18 over a maximum of 30 hops
>
>       1    11 ms    18 ms    19 ms  XXXXXXXXX
>       2    30 ms   178 ms   212 ms  vl4.aggr1.phdl.pa.rcn.net
>     <http://vl4.aggr1.phdl.pa.rcn.net> [208.59.252.1]
>       3    13 ms    18 ms    13 ms  tge0-1-0-0.core1.phdl.pa.rcn.net
>     <http://tge0-1-0-0.core1.phdl.pa.rcn.net> [207.172.15.50]
>
>       4    37 ms    39 ms    57 ms  tge0-0-0-2.core1.lnh.md.rcn.net
>     <http://tge0-0-0-2.core1.lnh.md.rcn.net> [207.172.19.227]
>
>       5    35 ms    34 ms    32 ms  tge0-1-0-1.core1.chgo.il.rcn.net
>     <http://tge0-1-0-1.core1.chgo.il.rcn.net> [207.172.19.235
>     ]
>       6    42 ms    38 ms    39 ms  port-chan13.aggr2.chgo.il.rcn.net
>     <http://port-chan13.aggr2.chgo.il.rcn.net> [207.172.15.20
>     1]
>       7    37 ms    39 ms    39 ms
>      port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net
>     <http://port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net> [
>     207.229.191.132]
>       8    57 ms    61 ms    53 ms  172.30.4.18
>
>     Trace complete.
>
>
>     So I break out nmap and do a quick scan, and find that there are
>     thousands of these devices across this IP range.  Has anybody ever
>     seen anything like this?  Surely this must be a mistake, right? If
>     anybody else is using RCN as an ISP, can you access these
>     addresses as well?
>
>
>
>
>
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ