Solved

Unknown private IPs passing through our router and firewall into network from remote location

Posted on 2004-08-13
Last Modified: 2013-12-14
We are using the router BellSouth gave us, a Cayman 3336 I believe.
Currently I have become aware of approx. 30+ private IPs in the 192.168.?.? range.  What could be causing these private IPs that, when traced, route back to the Atlanta area before entering their respective private networks?  We are in Miami.

I installed a firewall/router combo after the BellSouth router on one of our DSL connections, and it blocked them out.  However, the other line and network are remotely administered by a company in Colorado (Nxtrend).  They have a 3Com SuperStack 3 firewall in between the router and the main network; however, the IPs are still passing straight through into the protected side of the firewall.

There is no VPN setup enabled on the router.  The 3Com firewall has VPN enabled, but with a secret key.

I ran a quick scan of the computers, and they came up running software that is not deployed anywhere in our business, and some had been infected with trojans.

The company I work for has done nothing on this subject for 3-4 WEEKS now...
Nxtrend keeps telling them that the network is safe.  But I fail to understand how the network is safe if these IPs are remotely lurking on it.

Thanks for any help.
-Eric F
Question by:ericinmia
LVL 11

Accepted Solution

by:
infotrader earned 25 total points
ID: 11795997
They might be right.  I have yet to find someone who can access your private network using a private IP in the same subnet as yours without some kind of physical tap into your network.

The only two scenarios I can think of:

1.  You do have some kind of VPN setup in your network, and people have been using the VPN functionality without your knowledge from Atlanta.  This would explain why they can get an IP address from your network with the same domain.

2.  Someone else has found your VPN's "secret key" and is using it.

Either way, it does not seem possible that as many as 30+ nodes can access your network without some kind of VPN setup.

- Info
 
LVL 11

Expert Comment

by:infotrader
ID: 11796003
Oh... or perhaps another user has set up their own VPN access and given it out to a group in Atlanta w/o your knowledge?

- Info
 

Assisted Solution

by:pheriplex
pheriplex earned 25 total points
ID: 11802376
The private IP numbers might travel in a network back and forth if the internal network is not "safe" at all. So the reason these unknown IP packets are reaching your network is that the router's firewall layer allows hosts within the 192.168.x.x subnet to access your network without any filtering. The best way is to not "trust" all hosts within this subnet, since most of the attacks in the world originate from seemingly "internal" IP addresses.

If you wish to take some security measures, here are the steps:

1. Install Ethereal (a freely available network sniffer)
2. Try to identify the data that arrives at your network by analyzing packet capture logs generated by this program
3. Identify which computers are exposed to this threat
4. Implement a software-based packet filter for each computer instead of just trusting the router

And believe that no network is "secure" at all...
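
Steps 2 and 3 of the answer above, sketched as an added example that is not part of the original thread: it reads a text export of a packet capture and lists RFC 1918 source addresses that fall outside the site's own subnet, along with the local machines they reached. The local subnet `192.168.1.0/24`, the `time src dst proto` line format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's own addressing plan. Replace with the real subnet(s).
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# RFC 1918 private ranges, listed explicitly (is_private also covers other ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, shaped like a "time src dst proto" export of a capture.
SAMPLE_CAPTURE = """\
0.001 192.168.1.10 192.168.1.1 DNS
0.014 192.168.7.44 192.168.1.10 TCP
0.020 192.168.7.44 192.168.1.23 TCP
0.031 203.0.113.9 192.168.1.10 TCP
0.045 192.168.22.5 192.168.1.23 UDP
0.050 malformed line here
0.061 192.168.1.23 192.168.22.5 UDP
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def foreign_private_sources(capture_text):
    """Map each private source outside LOCAL_NETS to the local hosts it reached."""
    hits = defaultdict(set)
    for line in capture_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # skip malformed or non-IP lines
        unexpected = in_any(src, RFC1918) and not in_any(src, LOCAL_NETS)
        if unexpected and in_any(dst, LOCAL_NETS):
            hits[str(src)].add(str(dst))
    return {src: sorted(dsts) for src, dsts in hits.items()}

def exposed_hosts(report):
    """Local machines contacted by at least one unexpected private address."""
    return sorted({dst for dsts in report.values() for dst in dsts})

if __name__ == "__main__":
    report = foreign_private_sources(SAMPLE_CAPTURE)
    for src, dsts in sorted(report.items()):
        print(f"{src} -> {', '.join(dsts)}")
    print("exposed:", exposed_hosts(report))
```

The machines returned by `exposed_hosts` are the ones to examine first and to cover with a host-based packet filter, as step 4 suggests.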