I'm having a little trouble understanding the problem here .. my ISP uses public addresses for our cable modems. I host an SSH server at home, and given my nightly logs, I can guarantee that it's accessible from the wide wed ;-), if the intermediate routers in the ISP's network use 10.x.x.x/8 space, who cares? No one but their techs need to access them, I assume they filter 'private' addresses at their edge so that 10.x.x.x, 192.168.x.x and 172.16.0.0-172.31.255.255 addresses don't leak to the net. The only problem is that anyone on a cable modem could access their 10.x.x.x/8 address space and frankly who cares. I don't see anything wrong with this practice.
Gary Baribault Courriel: [email protected] GPG Key: 0x685430d1 Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1 On 05/17/2013 03:20 PM, Joshua Zukerman wrote: > Time Warner Cable (roadrunner) used to have this problem. They used > the 10.x.x.x in various subnet masks for backend management IP > addresses on all of their customer cable modems, plus whatever other > network equipment they had. 2600 mag had an article a few years ago > discussing this very issue. I assume RCN is also a cable internet > provider, so my guess is your issue is one in the same. I can safely > report that TWC is now filtering out those from the ethernet side of > the cable modem (has been for about a year or so), so I cannot see any > other 10.x.x.x networks outside of my own. Probably done via the cable > modem config & ACLs. > > > On Fri, May 17, 2013 at 3:08 PM, kyle kemmerer <[email protected] > <mailto:[email protected]>> wrote: > > So today when trying to access a device on my network (172.30.x.x > range) I was taken to the web interface of a completely different > device. This baffled me at first, but after a bit of poking > around, I determined that my ISP was actually routing traffic to > these addresses. See the trace below > > > Tracing route to 172.30.4.18 over a maximum of 30 hops > > 1 11 ms 18 ms 19 ms XXXXXXXXX > 2 30 ms 178 ms 212 ms vl4.aggr1.phdl.pa.rcn.net > <http://vl4.aggr1.phdl.pa.rcn.net> [208.59.252.1] > 3 13 ms 18 ms 13 ms tge0-1-0-0.core1.phdl.pa.rcn.net > <http://tge0-1-0-0.core1.phdl.pa.rcn.net> [207.172.15.50] > > 4 37 ms 39 ms 57 ms tge0-0-0-2.core1.lnh.md.rcn.net > <http://tge0-0-0-2.core1.lnh.md.rcn.net> [207.172.19.227] > > 5 35 ms 34 ms 32 ms tge0-1-0-1.core1.chgo.il.rcn.net > <http://tge0-1-0-1.core1.chgo.il.rcn.net> [207.172.19.235 > ] > 6 42 ms 38 ms 39 ms port-chan13.aggr2.chgo.il.rcn.net > <http://port-chan13.aggr2.chgo.il.rcn.net> [207.172.15.20 > 1] > 7 37 ms 39 ms 39 ms > port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net > <http://port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net> [ > 207.229.191.132] > 8 57 ms 61 ms 53 ms 172.30.4.18 > > Trace complete. > > > So I break out nmap and do a quick scan, and find that there are > thousands of these devices across this IP range. Has anybody ever > seen anything like this? Surely this must be a mistake, right? If > anybody else is using RCN as an ISP, can you access these > addresses as well? > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
