dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

The Rock

1 recommendation

reply to anarchoi2

Re: intruder in my network

Hamachi is a VPN. So you didn't entirely delete all the VPN software

Freedom is NOT Free
The Boro
·Cingular Wireless
·Comcast Business..

2 edits

1 recommendation

said by Lagz:

Hamachi is a VPN. So you didn't entirely delete all the VPN software

And the owner of the IP address used by that Himachi connection is somewhat interesting:

% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.
% Information related to ' -'
inetnum: -
netname:        UK-MOD-19850128
descr:          DINSA, Ministry of Defence
country:        GB
org:            ORG-DMoD1-RIPE
admin-c:        MN1891-RIPE
tech-c:         MN1891-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      UK-MOD-MNT
mnt-domains:    UK-MOD-MNT
mnt-routes:     UK-MOD-MNT
source:         RIPE # Filtered
organisation:   ORG-DMoD1-RIPE
org-name:       DINSA, Ministry of Defence
org-type:       LIR
address:        Not Published
                Not Published Not Published
                United Kingdom
phone:          +44 (0)30 677 00816
admin-c:        MN1891-RIPE
mnt-ref:        UK-MOD-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
source:         RIPE # Filtered
person:         Mathew Newton
address:        C4 Architecture
address:        UK Ministry of Defence
phone:          +44 (0)30 677 00816
abuse-mailbox:  hostmaster@mod.uk
nic-hdl:        MN1891-RIPE
source:         RIPE # Filtered
mnt-by:         UK-MOD-MNT
% Information related to ''
descr:          INS-MOD-NET
descr:          INSnet core/customer route
descr:          Address Space owned by MOD
descr:          see whois.arin.net
member-of:      RS-AS5378
origin:         AS5378
mnt-by:         AS5378-MNT
source:         RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.47.5 (WHOIS1)

My assumption was that connection was probably "work related", but...

OK, the Himachi/UK MoD mystery is solved:


The first change concerns the use of the 5.x.x.x address space. As you may or may not be aware, this address space has been allocated by IANA to RIPE NCC two years ago. RIPE NCC has been handing out these addresses to their customers, and having Hamachi active on your computer means that you’re not able to access a growing portion of the Internet. We’ve added IPv6 support to Hamachi a while back, and you can simply turn off the use of the 5/8 space, but we realize that IPv4 is still very important to most of you. Therefore we’ll be changing every Hamachi node’s address to the 25/8 space...

Why 25/8? Well, it rhymes a bit with 5/8, and furthermore, it’s a block that’s been allocated to a foreign government agency for private use for almost two decades. We have no Hamachi users from this address space, and it’s highly unlikely that the general public would need to access one of these IP addresses. However, our general recommendation is that if you can, please turn off IPv4 support in your Hamachi clients. The IPv6 space we’re using has been registered to LogMeIn, and most modern software should function perfectly without needing an IPv4 address.

So, it seems that LogMeIn/Himachi has simply hijacked the UK MoD's IPv4 address space. I can't believe that the UK MoD has not already nuked them.

OTOH, the phrase "plausible deniability" does come to mind, so maybe the UK MoD isn't really too upset about LogMeIn/Himachi spoofing their IP addresses.
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

The Rock

2 recommendations

The 5.x.x.x address block was reserved at one time. The 5.x.x.x block was used by Hamachi to avoid collisions with private IP networks that might be in use on the client side. Hamachi was wrong to hijack the range, but if IANA has it reserved, then one might as well utilize it. I hope IANA doesn't decide to simply allocate the 10.x.x.x range at some point in the future.
When somebody tells you nothing is impossible, ask him to dribble a football.