dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
18
share rss forum feed

grasmussen

join:2012-11-29
Pompano Beach, FL
reply to tschmidt

Re: Questionable IP address outside service provider's gateway

Tom,
Thank you for responding. I have been trying to get to the head technician but after leaving 3 voice messages and getting no callbacks I'm frustrated. I will try to get to the corporate offices next.

Is it possible that someone could be scanning traffic through this 192.168.x.x hop for the purpose of recording private info such as online bank account information?

Jerry


public

join:2002-01-19
Santa Clara, CA

said by grasmussen:

Is it possible that someone could be scanning traffic through this 192.168.x.x hop for the purpose of recording private info such as online bank account information?

presumably that is encrypted. If not, you have a bigger problem.
All of your traffic is recorded by the NSA.


tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
kudos:9
Reviews:
·G4 Communications
·Fairpoint Commun..
·Hollis Hosting

1 recommendation

reply to grasmussen

said by grasmussen:

Is it possible that someone could be scanning traffic through this 192.168.x.x hop for the purpose of recording private info such as online bank account information?

Not sure what you mean by "scanning traffic." There is nothing special about the Private Address blocks. If this was something nefarious why would the attacker make it so obvious? If this was a CALEA tap you would never see it.

The 74.115.232.0/22 and 208.67.164.0/22 IPs belong to Fibernet. Looks like Hop 5 is the interface between your ISP and wholesale ISP Fibernet.

Likewise on my traceroute 74.120.40.0/21 is Fibernet.
»tools.whois.net/whoisbyip/

KISS - keep it simple stupid - Your ISP is using private IPs for routers within their network - nothing wrong with that. Using private IPs and exposing them to the Internet - a big no no. I should not be able to see hop 17 on my traceroute 192.168.1.2. As mentioned the fact you can see 192.168.1.5 and 192.168.1.1 is normal since you are internal to the ISP's network

The choice of particular private IP address block is unusual in that most home routers also use the 192.168/16 block making collision with customer LAN address more likely. Remember the benefit of Private Addresses is that the block can be used multiple times by multiple entities. However each user must keep the block hidden from the Internet.

If you are interested in the gory details of the side effects of using Private IPs within ISP core, RFC 6752 discusses the issue. I found it interesting reading. I had not paid much attention to the down side until I responded to your problem. BTW I am not an ISP nor do I play one on TV so this is new territory for me.
»tools.ietf.org/html/rfc6752

/tom



stormbow
Freedom isn't FREE
Premium
join:2002-07-31
Simi Valley, CA
reply to grasmussen

said by grasmussen:

Is it possible that someone could be scanning traffic through this 192.168.x.x hop for the purpose of recording private info such as online bank account information?

Jerry

If I was going to sniff your traffic, you would never know it. I would put a managed switch in the mix with a monitor port running. It would show no trace. I do it here to make sure we aren't having issues on our exterior segment. (We are not an ISP, so no I'm not sniffing my coworkers details)

grasmussen

join:2012-11-29
Pompano Beach, FL

Thank you all for your input. Interesting feedback! Looks like some research as suggested by Tom could be entertaining and enlightening. Jerry