Lately I have been getting bombarded with port scans from my own ISP.
(**WARNING: HERE COMES THE NEWB PART**)
My IP addy is truly in the 216.XXX.XXX.XXX range; however, when I repair my connection (same thing as winipcfg release renew), I see a 10.XXX.XXX.XXX range.
The odd part is that I thought 10.X range IPs couldn't be pinged/scanned. However, when I scan for the 216 range I get nothing, but I am able to ping/scan everyone in my ISP using the 10.XXX.XXX.XXX range.
All of the port scans are coming from a 10.XXX.XXX.XXX IP addy.
1.) Why can I be pinged w/ the 10 range IP addy but not my actual IP addy?
2.) Is there a way to alert the scanner that I am aware of his actions? I have heard of using the NET SEND command... would that work? Or should I ignore the scans?
March 31st, 2004, 07:47 PM
It sounds like you are behind some sort of router and are getting your IP address from a DHCP server, or from your access point. What this means is your computer's IP address is 10.x.x.x and everyone else's on your local network is also 10.x.x.x. But when you route off of your network, say to a web page, everyone on your network is using the 216.x.x.x IP. As for the scan, it is most likely coming from within your local network, or you have IP forwarding enabled on your access point.
March 31st, 2004, 08:36 PM
if you are on a network, machines are constantly communicating with each other, always trying to find out who's boss, holding elections and just making sure no one has left or is new. although there is quite a bit of echo requests going on, there is more than one type of ICMP packet.
if you can install a packet sniffer or network monitor on your machine it would be a very enlightening experience to view all the traffic that's always there behind the scenes.
if you need to know more about the IP address discrepancy than has already been stated, do a search for NAT or "network address translation".
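
To tell a real port scan apart from the routine chatter described in the replies, a defender can count how many distinct ports each source touches and check whether the source sits in private (RFC 1918) space, i.e. on the same side of the NAT. The following is an added example, not part of the original thread; the log format, the addresses and the `min_ports` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (assumed format, not from the thread):
# timestamp action proto src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2004-03-31T19:01:02 DROP TCP 10.20.30.40 4312 10.20.31.7 135
2004-03-31T19:01:02 DROP TCP 10.20.30.40 4313 10.20.31.7 139
2004-03-31T19:01:03 DROP TCP 10.20.30.40 4314 10.20.31.7 445
2004-03-31T19:01:03 DROP TCP 10.20.30.40 4315 10.20.31.7 1025
2004-03-31T19:01:04 DROP TCP 10.20.30.40 4316 10.20.31.7 3389
2004-03-31T19:02:10 DROP UDP 10.20.31.1 137 10.20.31.7 137
2004-03-31T19:02:40 DROP UDP 10.20.31.1 137 10.20.31.7 137
2004-03-31T19:03:55 DROP TCP 198.51.100.9 52111 10.20.31.7 80
"""

# Explicit RFC 1918 list: ipaddress's is_private also covers loopback,
# link-local and documentation ranges, which is broader than needed here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in private space that is never routed on the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def find_scanners(log_text, min_ports=5):
    """Return sources that hit at least min_ports distinct (proto, port) pairs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[1] != "DROP":
            continue  # skip malformed or non-drop lines
        proto, src, dport = fields[2], fields[3], fields[6]
        seen[src].add((proto, int(dport)))
    report = {}
    for src, targets in seen.items():
        if len(targets) >= min_ports:
            report[src] = {
                "ports": sorted(port for _, port in targets),
                # Private source: the scanner is on the same side of the NAT.
                "inside_nat": is_rfc1918(src),
            }
    return report

if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOG).items():
        side = "inside the NAT (RFC 1918)" if info["inside_nat"] else "public"
        print(f"{src}: {len(info['ports'])} ports {info['ports']} - {side}")
```

The repeated UDP 137 (NetBIOS name service) lines from one neighbour stay below the threshold, which matches the point that much of the traffic seen on a shared segment is ordinary broadcast noise rather than a scan.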