Unknown Private IPs passing through our router and firewall into network from remote location

Posted on 2004-08-13
Last Modified: 2013-12-14
We are using the router BellSouth gave us, a Cayman 3336 I believe.
Currently I have become aware of approx. 30+ private IPs in the 192.168.?.? range.  What could be causing these private IPs that, when traced, route back to the Atlanta area before entering their respective private networks?  We are in Miami.

I installed a firewall/router combo after the BellSouth on one of our DSL connections, and it blocked them out.  However, the other line and network is remotely administered by a company in Colorado (Nxtrend).  They have a 3Com Superstack3 firewall in between the router and the main network; however, the IPs are still passing straight through into the protected side of the firewall.

There is no VPN setup enabled on the router.  The 3Com firewall has VPN enabled, but with a secret key.

I ran a quick scan of the computers, and they came up running software that is not deployed anywhere in our business, and some had been infected with trojans.

The company I work for has done nothing on this subject for 3-4 WEEKS now...
Nxtrend keeps telling them that the network is safe.  But I fail to understand how the network is safe if these IPs are remotely lurking on it.

Thanks for any help.
-Eric F
Question by:ericinmia
LVL 11

Accepted Solution

by:
infotrader earned 100 total points
ID: 11795997
They might be right.  I have yet to find someone who can access your private network using a private IP in the same subnet as yours without some kind of physical tap into your network.

The only two scenarios I can think of:

1.  You do have some kind of VPN setup in your network, and people have been using the VPN functionality without your knowledge from Atlanta.  This would explain why they can get an IP address from your network with the same domain.

2.  Someone else has found your VPN's "secret key" and is using it.

Either way, it does not seem possible that as many as 30+ nodes can access your network without some kind of VPN setup.

- Info
LVL 11

Expert Comment

by:infotrader
ID: 11796003
Oh... or perhaps another user has set up their own VPN access and given it out to a group in Atlanta w/o your knowledge?

- Info

Assisted Solution

by:pheriplex
pheriplex earned 100 total points
ID: 11802376
The private IP numbers might travel in a network back and forth if the internal network is not "safe" at all. So the reason why these unknown IP packets are reaching your network is that the router's firewall layer allows hosts within the 192.168.x.x subnet to access your network without any filtering. The best way is that you do not "trust" all hosts within this subnet, since in the world most of the attacks originate from seemingly "internal" IP addresses.

If you wish to take some security measures, here are the steps:

1. Install Ethereal (a freely available network sniffer)
2. Try to identify the data that arrives at your network by analyzing packet capture logs generated by this program
3. Identify which computers are exposed to this threat
4. Implement a software-based packet filter for each computer instead of just trusting the router

And believe that no network is "secure" at all...
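
Steps 2 and 3 above, as an added example that is not part of the original thread: it reads a capture saved in classic libpcap format and lists every 192.168.x.x source outside the local subnet, the MAC address that put its frames on the wire (the forwarding gateway, or a device on the local segment itself), and the local hosts it reached. `LOCAL_NET`, the function names and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: the site's own LAN
PRIVATE = ipaddress.ip_network("192.168.0.0/16")    # range named in the question
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap byte order

def foreign_private_sources(pcap: bytes) -> dict:
    """Map each 192.168.x.x source outside LOCAL_NET to its sender MAC and targets."""
    endian = MAGIC.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    found = defaultdict(lambda: {"via_mac": set(), "targets": set()})
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not Ethernet + IPv4
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if src in PRIVATE and src not in LOCAL_NET:
            found[str(src)]["via_mac"].add(frame[6:12].hex(":"))
            if dst in LOCAL_NET:
                found[str(src)]["targets"].add(str(dst))
    return {ip: {k: sorted(v) for k, v in d.items()} for ip, d in found.items()}

def _frame(src_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """Constructed frame: Ethernet header plus a bare IPv4 header."""
    eth = bytes.fromhex("020000000001" + src_mac) + b"\x08\x00"
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                             ipaddress.ip_address(src_ip).packed,
                             ipaddress.ip_address(dst_ip).packed)

def sample_pcap() -> bytes:
    """Constructed capture: one local conversation, two foreign 192.168 sources."""
    frames = [_frame("0200000000aa", "192.168.1.10", "192.168.1.20"),
              _frame("0200000000fe", "192.168.44.7", "192.168.1.20"),
              _frame("0200000000fe", "192.168.44.7", "192.168.1.31"),
              _frame("0200000000fe", "192.168.90.3", "192.168.1.20")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(foreign_private_sources(sample_pcap()))
```

The hosts listed under `targets` are the ones to check first and to cover with the per-host packet filter from step 4.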