OK, so maybe I'm too new at this, but I'm just wondering why a webserver would be getting hit with a block of reserved IP addresses, you know, the ones IANA blocks for private network usage? (172.16...). Could this be a proxy spoofing those addresses, or is IANA compromised?
April 26th, 2011, 04:03 PM
Hi there, and welcome to AO!
I do not think that IANA is compromised. :)
It looks a bit like someone spoofing into you.
With respect, a bit more information about the topography of your network would be helpful ;)
May 6th, 2011, 08:15 AM
IANA doesn't 'block' anything. All they do is register IP address ranges. IANA also doesn't control routing on the internet so even if IANA was compromised and someone 'took' 172.16/12 it still would never work because every router on the internet will drop it.
As for spoofing, that's highly unlikely. It's hard to do in a controlled lab environment. And it's next to impossible to spoof a fully blown TCP connection over the internet.
My guess is that it's traffic that's originating on your own network.
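
An added example, not part of the original thread: one way to follow up on the last reply is to pull the private-range sources out of the web server's access log and count hits per internal address. It assumes Common Log Format with the client address as the first field; the log lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The three RFC 1918 private ranges; 172.16.0.0/12 is the one from the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the client address is the first whitespace-delimited field.
CLIENT = re.compile(r"^(\S+)\s")

# Constructed sample lines. 172.32.0.1 is just outside the /12 (public space).
SAMPLE_LOG = """\
172.16.4.20 - - [26/Apr/2011:15:58:01 +0000] "GET / HTTP/1.1" 200 512
172.16.4.20 - - [26/Apr/2011:15:58:02 +0000] "GET /a.css HTTP/1.1" 200 90
172.31.255.9 - - [26/Apr/2011:15:59:10 +0000] "GET / HTTP/1.1" 200 512
172.32.0.1 - - [26/Apr/2011:16:00:00 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [26/Apr/2011:16:01:44 +0000] "GET / HTTP/1.1" 200 512
not-an-ip - - [26/Apr/2011:16:02:00 +0000] "GET / HTTP/1.1" 400 0
"""

def private_block(addr):
    """Return the RFC 1918 network containing addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # hostname or garbage in the client field
    for net in RFC1918:
        if ip in net:
            return net
    return None

def summarize(log_text):
    """Count hits per private source, keyed by (block, address)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CLIENT.match(line)
        if not m:
            continue
        net = private_block(m.group(1))
        if net is not None:
            hits[(str(net), m.group(1))] += 1
    return hits

if __name__ == "__main__":
    for (block, addr), count in summarize(SAMPLE_LOG).most_common():
        print(f"{addr:15} in {block:15} hits={count}")
```

The addresses it reports can then be matched against local DHCP leases, NAT rules or a reverse proxy in front of the server to find the internal origin.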