Unknown Private IP's passing through our router and firewall into network from remote location
Posted on 2004-08-13
We are using the router bellsouth gave us, a cayman 3336 i believe.
Currently i have become aware of aprox. 30+ Private IP's in the 192.168.?.? range. What could be causing these Private Ip's that when traced, route back to the atlanta area before entering their respective private networks? We are in miami.
I installed a firewall/router combo after the bellsouth on one of our dsl connections, and it blocked them out. However the other line, and network is remotely administered by a company in colorado (Nxtrend). They have a 3Com Superstack3 firewall inbetween the router and the main network, however the ip's are still passing straight through into the protected side of the firewall.
There is no VPN setup enabled on the router. The 3Com firewall has VPN enabled, but with a secret key.
I ran a quick scan of the computers, and they came up running software that is not deployed anywhere in our business, and some had been infected with trojans.
The company i work for has done nothing on this subject for 3-4 WEEKS now...
Nxtrend keeps telling them that the network is safe. But i fail to understand how the network is safe if these ip's are remotely lurking on it.
Thanks for any help.