Solved

Unknown Private IPs passing through our router and firewall into network from remote location

Posted on 2004-08-13
Last Modified: 2013-12-14
We are using the router BellSouth gave us, a Cayman 3336 I believe.
Currently I have become aware of approx. 30+ private IPs in the 192.168.?.? range.  What could be causing these private IPs that, when traced, route back to the Atlanta area before entering their respective private networks?  We are in Miami.

I installed a firewall/router combo after the BellSouth router on one of our DSL connections, and it blocked them out.  However, the other line and network are remotely administered by a company in Colorado (Nxtrend).  They have a 3Com Superstack3 firewall in between the router and the main network; however, the IPs are still passing straight through into the protected side of the firewall.

There is no VPN setup enabled on the router.  The 3Com firewall has VPN enabled, but with a secret key.

I ran a quick scan of the computers, and they came up running software that is not deployed anywhere in our business, and some had been infected with trojans.

The company I work for has done nothing on this subject for 3-4 WEEKS now...
Nxtrend keeps telling them that the network is safe.  But I fail to understand how the network is safe if these IPs are remotely lurking on it.

Thanks for any help.
-Eric F
Question by:ericinmia

Accepted Solution

by:
infotrader earned 25 total points
ID: 11795997
They might be right.  I have yet to find someone who can access your private network using a private IP in the same subnet as yours without some kind of physical tap into your network.

The only two scenarios I can think of:

1.  You do have some kind of VPN setup in your network, and people have been using the VPN functionality without your knowledge from Atlanta.  This would explain why they can get an IP address from your network with the same domain.

2.  Someone else has found your VPN's "secret key" and is using it.

Either way, it does not seem possible that as many as 30+ nodes can access your network without some kind of VPN setup.

- Info

Expert Comment

by:infotrader
ID: 11796003
Oh... or perhaps another user has set up their own VPN access and given it out to a group in Atlanta w/o your knowledge?

- Info

Assisted Solution

by:pheriplex
pheriplex earned 25 total points
ID: 11802376
The private IP numbers might travel in a network back and forth if the internal network is not "safe" at all. So the reason why these unknown IP packets are reaching your network is that the router's firewall layer allows hosts within the 192.168.x.x subnet to access your network without any filtering. The best way is that you do not "trust" all hosts within this subnet, since in the world most of the attacks originate from seemingly "internal" IP addresses.

If you wish to take some security measures, here are the steps:

1. Install Ethereal (a freely available network sniffer)
2. Try to identify the data that arrives at your network by analyzing packet capture logs generated by this program
3. Identify which computers are exposed to this threat
4. Implement a software-based packet filter for each computer instead of just trusting the router

And believe that no network is "secure" at all...
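Steps 2 and 3 of the list above can be scripted once a capture has been exported to text. The following is an added example, not part of pheriplex's post or any tool's own output format: the CSV columns and sample rows are constructed, and the local subnet 192.168.1.0/24 is an assumption because the thread never states it.

```python
import csv
import ipaddress
from collections import defaultdict

# Assumption: the site's own LAN range; the thread never states it.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rows (time, src, dst, proto, dst port), not real capture data.
SAMPLE_EXPORT = """\
time,src,dst,proto,dport
0.001,192.168.1.20,192.168.1.5,TCP,445
0.014,192.168.37.9,192.168.1.20,TCP,139
0.020,192.168.37.9,192.168.1.21,TCP,139
0.031,203.0.113.8,192.168.1.5,TCP,80
0.040,192.168.112.4,192.168.1.20,TCP,6667
0.052,not-an-ip,192.168.1.20,ARP,
"""

def is_foreign_private(addr):
    """True for an RFC 1918 address that lies outside our own LAN."""
    return addr not in LOCAL_NET and any(addr in net for net in RFC1918)

def find_foreign_private(export_text):
    """Map each foreign private source to the local hosts and ports it reached."""
    hits = defaultdict(set)
    for row in csv.DictReader(export_text.splitlines()):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
        except ValueError:
            continue  # non-IP rows (ARP, malformed lines) are skipped
        if is_foreign_private(src) and dst in LOCAL_NET:
            hits[str(src)].add((str(dst), row["dport"]))
    return {src: sorted(targets) for src, targets in hits.items()}

def exposed_hosts(report):
    """Step 3: local machines contacted by any foreign private source."""
    return sorted({dst for targets in report.values() for dst, _ in targets})

if __name__ == "__main__":
    report = find_foreign_private(SAMPLE_EXPORT)
    for src, targets in sorted(report.items()):
        print(src, "->", targets)
    print("exposed:", exposed_hosts(report))
```

The machines returned by `exposed_hosts` are the ones to prioritise for the per-host packet filter in step 4.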