Tags: IP Address Lookup, Information, and Location, Test Your Internet Connection Speed
#1
I have a question. Since private IP addresses are only employed on private networks and presumably a private IP address cannot access the internet and the outside cannot get in...
I recently retired a computer from internet access to being a standalone computer, and in order to try to find out what was making the thing so freaky (never found any malware type stuff on it) I was going over the packet logs. That computer was under attack from a private IP address. That address would not accept ping or any other form of communication, but they were certainly beating that poor comp to death and I don't know why. They knew what they were doing too, because they had access to my firewall and disabled the password protected configuration settings and removed some blocked IP addresses. I GEOIP'd the private address and it showed that it was within a mile of my real world address. Since I'm just a home user and not a bank or the Pentagon, I can't in any way ever fathom why someone malicious would go as far as they did, since the only thing I kept on the comp was the OS and some text files. Now how is this possible unless a person was spoofing the IP address and knew or didn't know that it was a private IP address that they were spoofing?
#2
I'm not sure I follow.
Private IP address would have to be in one of the following ranges:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
Nothing in any of those ranges could possibly be tracked to a location. As for a reason... could just be someone practicing their skills on you and not after anything in particular. Make sure you have strong passwords on your router and computers.
#3
Quote:
I GEOIP'd it after ARIN said that it was a private IP and rendered no info on it. Can GEOIP put a location on a hijacked private IP address, or does GEOIP outright ignore private IPs and not process them? I'm gonna go reassemble that other comp and refresh myself as to who, what and when.
#4
It is entirely possible that someone was spoofing IP packets and assigning as its source IP address a private IP address (RFC1918).
But since the packet was also crafted with a public destination IP address, it would have arrived at your computer but your machine would not have been able to send replies (just as you weren't). This crafting of packets is relatively trivial and there are a number of tools that are designed for this purpose. Although routers should be configured to drop IP packets with an RFC1918 source address, they are not all configured correctly. This is why at work we have added filters to our perimeter firewall to drop all incoming packets with a source IP in the RFC1918 range. They are called "martians".
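The perimeter check described in the post above can also be run after the fact over saved packet logs. The following is an added example, not part of the original thread: it flags packets that arrived on the internet-facing interface with an RFC1918 source address. The log layout and the interface names `wan0` and `lan0` are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# The three RFC 1918 blocks listed earlier in the thread, in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in an assumed "IN=<iface> SRC=<ip> DST=<ip>" layout.
# Public addresses come from the documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:14:07 fw kernel: IN=wan0 OUT= SRC=10.44.7.19 DST=203.0.113.25 PROTO=TCP DPT=445
Jan 10 03:14:09 fw kernel: IN=wan0 OUT= SRC=198.51.100.77 DST=203.0.113.25 PROTO=TCP DPT=22
Jan 10 03:14:12 fw kernel: IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=198.51.100.77 PROTO=UDP DPT=53
Jan 10 03:14:15 fw kernel: IN=wan0 OUT= SRC=172.31.255.254 DST=203.0.113.25 PROTO=UDP DPT=137
Jan 10 03:14:18 fw kernel: IN=wan0 OUT= SRC=172.32.0.1 DST=203.0.113.25 PROTO=TCP DPT=80
Jan 10 03:14:20 fw kernel: IN=wan0 OUT= SRC=not-an-ip DST=203.0.113.25 PROTO=TCP DPT=80
"""

FIELD = re.compile(r"\b(IN|SRC|DST)=(\S*)")


def is_rfc1918(addr):
    """True if addr parses as an IPv4 address inside an RFC 1918 block."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed field: not a usable address
    return ip.version == 4 and any(ip in net for net in RFC1918)


def find_martians(log_text, wan_iface="wan0"):
    """Return (src, dst) for packets that came in on the WAN side with a
    private source. Private sources on the LAN side are normal traffic."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("IN") == wan_iface and is_rfc1918(fields.get("SRC", "")):
            hits.append((fields["SRC"], fields.get("DST", "")))
    return hits


if __name__ == "__main__":
    for src, dst in find_martians(SAMPLE_LOG):
        print(f"martian: {src} -> {dst}")
```

A hit means only that the source field held a private address when the packet was logged; as the post says, no reply can reach such an address, so it does not identify the sender.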