ah...that makes since...thnx for all the replies...o yea..and i ran port scan on the 10.x.x.x and the only port that was open was port 514 with a service called cmd :eek: running(reported by nmap). I tried to telnet to it see if it was the cmd from windows but all i got was a blank screen.
Originally posted here by Maestr0
Erm, are you kidding me?Try a whois on 127.0.0.1. OMFG IANA owns my localhost!! lol, seriously they are RFC 1918, of course they are reserved. Does 192.168.x.x ring a bell? And of course the second hop is also a rfc1918 like the first, they are both internal networks. the 10.x.x.x (also rfc1918) is probably the wired network which gets NATed to the internet. On that wired network is a wireless AP, the wireless AP is gets its addy from 10.x.x.x DHCP and then runs its own DHCP on 192.168.x.x, this way the WLAN and LAN are separate. Its not a honeypot its some dude with a linksys AP plugged into his Linksys router.
How about an AP with a spoofed MAC..
That would make it a Fake vendor ID..
Hi Maestr0 ,
Thanks, I had spotted the first one it was the second 10.x.x.x that had me confused. I didn't even think about wireless.................here in "log cabin country" we don't even have cable TV :D
Your explanation makes it all fit now:)