dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
443

mmainprize
join:2001-12-06
Houghton Lake, MI

2 edits

mmainprize

Member

Firewall logs entry's, need explaining

Click for full size
Ok i was looking at my firewall logs and i see a few thing i don't understand.

Maybe someone can help explain them better then i understand them.

Ok my home network local IP is underlined in Blue
I have highlighted in yellow a few IP that i question.
The yellow IP on top is a private non WAN IP but it is listed as Remote address. It don't seem right.

next The Yellow IP below is trying to access my pc and lists a local IP of 97.84.217.68 but that is not a local address on my network.

If i do a ping and nslookup this is what i get. Can anyone help explain this as it pings in 1ms so it is close, but nslookup looks like it is part of Charter.

**********
 
M:\Jack>ping 97.84.217.68
 
Pinging 97.84.217.68 with 32 bytes of data:
Reply from 97.84.217.68: bytes=32 time<1ms TTL=64
Reply from 97.84.217.68: bytes=32 time<1ms TTL=64
Reply from 97.84.217.68: bytes=32 time<1ms TTL=64
Reply from 97.84.217.68: bytes=32 time<1ms TTL=64
 
Ping statistics for 97.84.217.68:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
M:\Jack>nslookup 97.84.217.68
Server:  resolver.qwest.net
Address:  205.171.2.65
 
Name:    97-84-217-68.dhcp.bycy.mi.charter.com
Address:  97.84.217.68
 
************
 
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

1 recommendation

TheWiseGuy

MVM

said by mmainprize:

The yellow IP on top is a private non WAN IP but it is listed as Remote address. It don't seem right.

The first is easy. It is the CMTS private IP. (Cable Modem Termination system.) It is broadcasting DHCP from port 67 to port 68. Your cable modem will also have an IP in the 10.152.xxx.xxx subnet. For a full explanation of CMTS/UBR addresses see

»homepage.ntlworld.com/ro ··· ml#ubrip

Your ISP can use a Private IP on their network for any device that does not require Internet access but only requires access on their Intranet which includes you network. It likely is the first hop outside your network in a tracert.
said by mmainprize:

next The Yellow IP below is trying to access my pc and lists a local IP of 97.84.217.68 but that is not a local address on my network.

If i do a ping and nslookup this is what i get. Can anyone help explain this as it pings in 1ms so it is close, but nslookup looks like it is part of Charter.

A ping of 1 ms would likely indicate it is the public IP of your router. Go to

»/whois

and see what IP is returned. Is the log a router log or a firewall log on your computer?

mmainprize
join:2001-12-06
Houghton Lake, MI

mmainprize

Member

Ok, you are right that second address is my WAN side address of the router.

I don't remember every seeing these Router WAN address in my logs before, seems something has changed. Maybe we got new modem firmware that works different.

I have always blocked some of the DNS and NetBIOS out going, maybe these would not be blocked if i allowed those.
mmainprize

mmainprize

Member

Well i guess my brain is just not working good tonight. I think that is the way it always worked. It is just showing it blocked that second address form get past the router.

I don't know what i was thinking when i first looked at it. I am getting old i guess.

Thanks for your help
HELLFIRE
MVM
join:2009-11-25

1 recommendation

HELLFIRE to mmainprize

MVM

to mmainprize
said by mmainprize:

The yellow IP on top is a private non WAN IP but it is listed as Remote address. It don't seem right.

Try a tracert to said 10.152.100.1 address and see. And you are right, 10.x.x.x/8, 172.16.0.0/12 and 192.168.0.0/16
are NOT supposed to be routable on the public internet, but doesn't stop some ISPs using them as TheWiseGuy See Profile mentioned.

An alternate way is whatismyipaddress.com or checking on your gateway device, if it has said feature.

Regards