myNetWatchman KnowledgeBase
Pooling knowledge to
secure the internet.
Private IP Addresses:
Several ranges of network addresses have been specifically designated for use
within private networks:
10.*.*.*
172.16.*.* - 172.31.*.*
192.168.*.*
Most Internet routers will drop all traffic where the destination address
is within one of the private ranges. It is possible though to send traffic through
the Internet where the source address is private--this is one form of
IP spoofing. It is highly doubtful that any log entry sourced from a private
address is a port scan attempt from the Internet. Port scanners need to receive
responses back from their scan requests in order to determine which systems
might be vulnerable to an attack--if they spoof their address using a private
IP, they will never receive any responses back.
If the attacker IP is private, it is much more likely that this "attack"
was generated by a system on your own network or by systems within your ISP's
local network (e.g. other cable modem users, or bridged xDSL users).
Check the IP address and make sure it's not one of your own systems.
Spoofed source addresses ARE commonly used in denial-of-service (DoS) attacks
where the attacker doesn't need return traffic to accomplish his goals. If you
suspect you are being subjected to a DoS attack, and the source address is
a private IP, you should report the problem to YOUR ISP's abuse department.
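The check described above, as an added example that is not part of the original page: it sorts the source address of each firewall log line into "local" (one of your own systems), "private-foreign" (private, but not on your network) or "public". The `SRC=` log format, the local subnet 192.168.1.0/24 and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# The three private ranges listed above, in CIDR form.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def classify_source(ip_text, local_nets):
    """Return 'local', 'private-foreign' or 'public' for a source address."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in local_nets):
        return "local"            # one of your own systems
    if any(ip in net for net in RFC1918):
        return "private-foreign"  # ISP-local neighbour or spoofed source
    return "public"


def triage(log_lines, local_nets):
    """Map each source IP found in the log to (classification, hit count)."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    result = {}
    for line in log_lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            kind = classify_source(m.group(1), nets)
        except ValueError:  # e.g. 999.1.1.1 is not a valid IPv4 address
            continue
        _, count = result.get(m.group(1), (kind, 0))
        result[m.group(1)] = (kind, count + 1)
    return result


# Constructed sample lines in an iptables-like format (not real log data).
SAMPLE_LOG = [
    "IN=eth0 SRC=192.168.1.23 DST=192.168.1.1 PROTO=TCP DPT=445",
    "IN=eth0 SRC=10.44.7.9 DST=203.0.113.5 PROTO=UDP DPT=137",
    "IN=eth0 SRC=10.44.7.9 DST=203.0.113.5 PROTO=UDP DPT=138",
    "IN=eth0 SRC=172.32.0.4 DST=203.0.113.5 PROTO=TCP DPT=22",  # just outside 172.16-31
    "IN=eth0 SRC=999.1.1.1 DST=203.0.113.5 PROTO=TCP DPT=22",   # malformed
]

if __name__ == "__main__":
    for ip, (kind, hits) in triage(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print(f"{ip:15} {kind:16} hits={hits}")
```

The explicit network list is used instead of Python's `is_private` attribute, which also matches loopback, link-local and other reserved ranges beyond the three listed here.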
You can learn more about private IP addresses here: RFC 1918