There are many ISP that route IP traffic through networks with private addresses, my ISP to do the same thing and has 10.0.0.0 class A addresses routable. May be it is a miss of IP addresses or may be a NAT that was published due to some network need.
regards, On Fri, May 17, 2013 at 8:08 PM, kyle kemmerer <[email protected]> wrote: > So today when trying to access a device on my network (172.30.x.x range) I > was taken to the web interface of a completely different device. This > baffled me at first, but after a bit of poking around, I determined that my > ISP was actually routing traffic to these addresses. See the trace below > > > Tracing route to 172.30.4.18 over a maximum of 30 hops > > 1 11 ms 18 ms 19 ms XXXXXXXXX > 2 30 ms 178 ms 212 ms vl4.aggr1.phdl.pa.rcn.net [208.59.252.1] > 3 13 ms 18 ms 13 ms > tge0-1-0-0.core1.phdl.pa.rcn.net[207.172.15.50] > > 4 37 ms 39 ms 57 ms > tge0-0-0-2.core1.lnh.md.rcn.net[207.172.19.227] > > 5 35 ms 34 ms 32 ms > tge0-1-0-1.core1.chgo.il.rcn.net[207.172.19.235 > ] > 6 42 ms 38 ms 39 ms > port-chan13.aggr2.chgo.il.rcn.net[207.172.15.20 > 1] > 7 37 ms 39 ms 39 ms > port-chan1.mart-ubr1.chi-mart.il.cable.rcn.net [ > 207.229.191.132] > 8 57 ms 61 ms 53 ms 172.30.4.18 > > Trace complete. > > > So I break out nmap and do a quick scan, and find that there are thousands > of these devices across this IP range. Has anybody ever seen anything like > this? Surely this must be a mistake, right? If anybody else is using RCN > as an ISP, can you access these addresses as well? > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Ali MEZGANI *N*etwork *E*ngineering/*S*ecurity http://www.nativelabs.org/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
