Solved

Unknown private IPs passing through our router and firewall into network from remote location

Posted on 2004-08-13
Last Modified: 2013-12-14
We are using the router BellSouth gave us, a Cayman 3336 I believe.
Currently I have become aware of approx. 30+ private IPs in the 192.168.?.? range.  What could be causing these private IPs that, when traced, route back to the Atlanta area before entering their respective private networks?  We are in Miami.

I installed a firewall/router combo after the BellSouth on one of our DSL connections, and it blocked them out.  However, the other line and network is remotely administered by a company in Colorado (Nxtrend).  They have a 3Com Superstack3 firewall in between the router and the main network; however, the IPs are still passing straight through into the protected side of the firewall.

There is no VPN setup enabled on the router.  The 3Com firewall has VPN enabled, but with a secret key.

I ran a quick scan of the computers, and they came up running software that is not deployed anywhere in our business, and some had been infected with trojans.

The company I work for has done nothing on this subject for 3-4 WEEKS now...
Nxtrend keeps telling them that the network is safe.  But I fail to understand how the network is safe if these IPs are remotely lurking on it.

Thanks for any help.
-Eric F
Question by:ericinmia

Accepted Solution

by:
infotrader earned 25 total points
ID: 11795997
They might be right.  I have yet to find someone who can access your private network using a private IP in the same subnet as yours without some kind of physical tap into your network.

The only two scenarios I can think of:

1.  You do have some kind of VPN setup in your network, and people have been using the VPN functionality without your knowledge from Atlanta.  This would explain why they can get an IP address from your network with the same domain.

2.  Someone else has found your VPN's "secret key" and is using it.

Either way, it does not seem possible that as many as 30+ nodes can access your network without some kind of VPN setup.

- Info

Expert Comment

by:infotrader
ID: 11796003
Oh... or perhaps another user has set up their own VPN access and given it out to a group in Atlanta w/o your knowledge?

- Info

Assisted Solution

by:pheriplex
pheriplex earned 25 total points
ID: 11802376
The private IP numbers might travel in a network back and forth if the internal network is not "safe" at all. So the reason why these unknown IP packets are reaching your network is that the router's firewall layer allows hosts within the 192.168.x.x subnet to access your network without any filtering. The best way is that you do not "trust" all hosts within this subnet, since most of the attacks in the world originate from seemingly "internal" IP addresses.

If you wish to take some security measures, here are the steps:

1. Install Ethereal (a freely available network sniffer)
2. Try to identify the data that arrives at your network by analyzing packet capture logs generated by this program
3. Identify which computers are exposed to this threat
4. Implement a software-based packet filter for each computer instead of just trusting the router

And believe that no network is "secure" at all...
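
The capture-and-identify steps in the answer above can be partly automated. The following Python sketch is an added example, not part of the original thread: it reads a classic libpcap capture (the format Ethereal saves) taken on the protected side of the firewall, lists private source addresses missing from the host inventory, and notes whether each arrived with the gateway's MAC (forwarded in through the firewall or its VPN) or from another MAC on the local segment. The inventory, gateway MAC and sample frames are constructed values.

```python
import ipaddress
import struct

PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def unknown_private_sources(pcap, known_hosts, gateway_mac):
    """Map each unlisted RFC 1918 source IP to its packet count and source MACs."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    known = {ipaddress.ip_address(h) for h in known_hosts}
    found, pos = {}, 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
            continue
        src = ipaddress.ip_address(frame[26:30])
        if src in known or not any(src in net for net in PRIVATE_NETS):
            continue
        mac = frame[6:12].hex(":")
        entry = found.setdefault(str(src), {"packets": 0, "macs": set(), "routed_in": False})
        entry["packets"] += 1
        entry["macs"].add(mac)
        # A frame whose source MAC is the gateway's was forwarded in from another network.
        entry["routed_in"] |= mac == gateway_mac.lower()
    return found

def sample_capture():
    """Constructed three-frame capture; all addresses are made up for the demonstration."""
    def frame(src_mac, src_ip, dst_ip):
        eth = bytes.fromhex("00aabbccdd01") + bytes.fromhex(src_mac) + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
        return eth + ip
    frames = [frame("00aabbccdd02", "192.168.1.20", "192.168.1.10"),   # inventoried host
              frame("00aabbccddfe", "192.168.7.44", "192.168.1.10"),   # arrives via gateway
              frame("00aabbccdd99", "192.168.1.77", "192.168.1.10")]   # unlisted, on the LAN
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    hits = unknown_private_sources(sample_capture(), ["192.168.1.10", "192.168.1.20"], "00:aa:bb:cc:dd:fe")
    for ip, info in sorted(hits.items()):
        print(ip, info["packets"], sorted(info["macs"]), "routed in" if info["routed_in"] else "local segment")
```

Addresses flagged as routed in point at the firewall or VPN configuration; addresses seen only from a non-gateway MAC point at a device attached to the local segment.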