Network question

Discussion in 'OT Technology' started by eideteker, Mar 28, 2009.

  1. eideteker

    eideteker Who jarked off in my frakkin' coffee? OT Supporter

    Joined:
    Feb 15, 2006
    Messages:
    2,428
    Likes Received:
    0
    Location:
    PA.
    I was playing around with NMap and found some hots in my private IP range that I don't recognize. I use 192.168.1.* and I found some 192.168.2.* hosts, one of which has port 23 open for SSH (tried to login using my known credentials, access denied). The OS detection on that host says it's reasonably sure it's running IOS, but I have no Cisco hardware (I have a Linksys WRT54G but it's running HyperWRT). One of the other hosts has a port open for H.323 which as far as I can tell is a VoIP protocol...I have no VoIP on my network, not even Vonage. :ugh:

    What the hell is going on here? Have I been pwned?
     
  2. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    My 192.168 network at home is using 255.255.255.0 as a netmask. .1 and .2 aren't ont he same network ... did you change the netmask from the default?? That is the easiest and best way is to fix that I think ...
     
  3. eideteker

    eideteker Who jarked off in my frakkin' coffee? OT Supporter

    Joined:
    Feb 15, 2006
    Messages:
    2,428
    Likes Received:
    0
    Location:
    PA.
    All have 255.255.255.0 as the netmask.
     
  4. mobbarley

    mobbarley Active Member

    Joined:
    Mar 4, 2005
    Messages:
    9,256
    Likes Received:
    2
    Location:
    Sydney
    try a traceroute, could they be on the other side of your router? are you on cable? my cable provider uses 10.?.?.? addresses for some equipment that I can see.
     
  5. eideteker

    eideteker Who jarked off in my frakkin' coffee? OT Supporter

    Joined:
    Feb 15, 2006
    Messages:
    2,428
    Likes Received:
    0
    Location:
    PA.
    Will try and report back.

    OK, apparently that's the case because it's going out to the ISP then finding these addresses. I always thought private range IPs behind a router doing NAT wouldn't pick up other private range IPs, or am I just thinking of it the wrong way? Why would their equipment be visible to me like this?
     
    Last edited: Mar 28, 2009
  6. jvblackxj

    jvblackxj VW4Life

    Joined:
    Mar 14, 2003
    Messages:
    100
    Likes Received:
    0
    Most cable modems run on the 192.168.2.x network. I believe some DSL modems do as well. That might be where you are picking that up. is your modem in bridge mode or did you install it and then add a router?

    Jason V
     
  7. eideteker

    eideteker Who jarked off in my frakkin' coffee? OT Supporter

    Joined:
    Feb 15, 2006
    Messages:
    2,428
    Likes Received:
    0
    Location:
    PA.
    My cable modem's internal IP is 192.168.100.1, and I have a router between it and the rest of the network.
     

Share This Page