hits from reserved IPs

Kim Holburn kim.holburn at anu.edu.au
Sat May 18 22:36:24 EST 2002

Did you get the mac address?

At 8:26 PM +1000 2002/05/18, Eyal Lebedinsky wrote:
>I have a Q about Telstra ADSL.
>Today (18May02) I got a whole flood of hits from these addresses:
>	172.16.0.*:80
>all to high ports on my IP.

tcp or udp?

>The event lasted from 12:23:08 till 12:36:27. There were 365 hits.
>I wonder it this could have come from outside the Telstra network
>(I am on Telstra ADSL) since these IPs are not routed?
>Could it come from another Telstra ADSL customer?

It must have unless telstra is routing packets it shouldn't.  If they did I wonder if you have to pay for the bytes?

>My Qs are about how the network is configured, not about the specific
>incident (all my ports are closed and everything was DENYed by my fw).
>But also, is there a known issue with connections to high ports? Maybe
>a known problem with NAT? My fw is an old 2.2 w/ipchains so any newer
>vulnerabilities will probably be missing. I recently read
>	http://rhn.redhat.com/errata/RHSA-2002-086.html
>which may be related.
>Eyal Lebedinsky (eyal at eyal.emu.id.au) <http://samba.org/eyal/>

Kim Holburn  Network Consultant  P: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)

More information about the linux mailing list