Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: IANA Special Use ????

  1. #1
    Member
    Join Date
    Aug 2005
    Posts
    51

    IANA Special Use ????

    I have 2 Ip addresses in my Linksys Wireless B router's advanced routing table???? Can someone explain what they are?

    They are both 211 hops away and the subnet for them is 16.140.0.0 and the gateway is 52.211.2.208

    Both these show up:
    64.118.29.208
    242.26.7.208

    NetType: IANA Special Use
    Comment: Please see RFC 3330 for additional information.

    That is the comment from WhoIS..... What are these computers.... they show up very strange results from Tracert or Ping.......

    If anyone could help me figure out what they are doing on my routing table... I would be able to sleep better at night.... I gotta go to bed but I still haven't found anything out that really explains what they are doing in my router. I noticed them yesterday but it was the first time I have seen them.

  2. #2
    Banned
    Join Date
    Jul 2005
    Posts
    511
    Well, I just Wiki'd your question and ended up with three interesting Wiki links. I first got to http://en.wikipedia.org/wiki/List_of...otocol_numbers but it doesn't answer your question. It's just an interesting list that everyone keeps searching for.
    http://en.wikipedia.org/wiki/IP_number makes more sense but it doesn't go in depth to IP numbers in the way I was looking for. I suspect that those IP numbers are special classes and this Wiki doesn't mention much about these classes. It does mention that IP numbers aren't really divided in classes anymore, though. Or at least no one looks at the network/host combination anymore.

    The last link does answer your question partly, though. http://en.wikipedia.org/wiki/Classful_network is about the classes for IP numbers. The 242.26.7.208 address is a reserved class. And it has a link to that RFX 3330 document at http://www.ietf.org/rfc/rfc3330.txt which is too complicated for me to understand.

    Now the weird thing is that 64.118.29.208 is not mentioned here as a special address. And apparantly the system at that address seems to be down. I've tried a few of the online tools mentioned on one of those Wiki's but this address seems a bit suspicious to me.

    The IP number 52.211.2.208 does lead to one site, though. The owner is "E.I. du Pont de Nemours and Co., Inc." in the USA. ( http://www1.dupont.com/ )

    If this was my router, I'd sleep better after I've removed those two from the list, though. Not sure if that's a good thing to do, but it's what I would do...

  3. #3
    yep. Nothing mentioned anywhere about 64.118.29.208 being a special address but there should be some kinda explanation as to why its there. Found a post at eggheadcafe.com reporting the same probklem from april or so. Seems to have something to do with wireless routers only though.
    Lets stop Thinking and start Drinking!

  4. #4
    "Host 64.118.29.208 appears to be up ... good.
    All 1663 scanned ports on 64.118.29.208 are: filtered"

    Well, it's there.
    WHOIS didn't work out.

  5. #5
    Banned
    Join Date
    Jul 2005
    Posts
    511
    Hmmmm... Makes me wonder if someone managed to break into this wireless router...
    It is wireless so someone could have gone wardriving, detect the router, tries to get in and manages to do so and then adjusts the router to accept some alternative kinds of traffic... It could be that someone has access to this router now and is using it as a proxy for his own hacking purposes. And if this router is connected to the Internet, he doesn't even have to connect to it by sitting wireless in the area. He just connects to this router from wherever he likes. This router then functions as some anonimizer for him. Why? Your guess is as good as mine.

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    64.x.x.x ---> i coudnt find anything about a special assignment on this range

    242.x.x.x. --> RFC1700, page 4. This block, formerly known as the Class E address space, is reserved.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I'd say, make a backup of your router config, and save it offline (pc, thumb drive, floppy, etc.)

    Remove them, save the setup, and reboot the router. If all works fine, your done. If not...restore the saved config, and keep digging into it.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    Member
    Join Date
    Aug 2005
    Posts
    51
    Thanks for all the input in such a short time. I am going to do what zencoder said and redo my router settings. Cacosapo, you found the same thing i found... I read the article that siad "242.x.x.x. --> RFC1700, page 4. This block, formerly known as the Class E address space, is reserved" but it didn't really give me an understanding of what it was. The real wierd part to the whole thing is the subnet (16.140.0.0) the only subnets I am familiar with are 255.255.255.0 or similar. At one point i left my router with the default password and it is possible that then somone got in.... but the ip address is so wierd that it would appear that it is not just some script kiddie. Anyway I am going to reset my router... won't hurt anything. My network is small and its mine so if it dies for a minute.... i wont shed a tear. I was just a little worried about using my p2p software with some mysterious ip showing up in my routing table. It seems like I already removed that ip from my router and it came back... but cant say for sure. Thanks to everyone for your help!

    Nathan

  9. #9
    Member
    Join Date
    Aug 2005
    Posts
    51
    I hit the reset button and rebooted the router.... My routing table is back to normal. If it comes back then I am suspicious of a possible keylogger or something similar because it is password protected. Also, Remote Administration for my router and modem is disabled. I also live in the country.... I am the only person in this little town with wireless capability.... I doubt somone would be hacking me via wireless. I believe I have already done this and it came back. I will post again if it comes back.... but for now im going to continue using my 1.5 meg dsl and not worry about getting a DMCA letter. I also had a few spyware programs running.... I guess when I redid this laptop a week or so ago... I got lazy and didn't secure it. Shame on me.

    Thanks,
    Nathan

  10. #10
    Banned
    Join Date
    Jul 2005
    Posts
    511
    Having a wireless internet connection is risky and people can still hack into your system over the wireless if they detect it's there. I myself happen to have a PDA with WiFi capabilities which I use in my car as a routeplanner. However, there is a program for PDA's called HitchHiker which is a free tool. But it tries to connect to any WiFi channel that it can find and will warn the user about those networks. I have once driven around Amsterdam and it actually showed me quite a few wireless networks in the area. And to some I could automatically connect and thus browse the Interney by using someone else's network connection.
    I also have a wireless network at home, using WAP security and using the MAC addresses my PDA and laptop to limit the computers that can access it. My desktop PC is also connected to it through a cable, and is basically the only way that I can configure it. So basically, for me it wouldn't be much of a problem to find out how it works by experimenting.

    Now, what I could do, for example, is drive around in some area waiting for my PDA to warn me about a Wifi router that is in the area and which is open for me to use. I would have to drive around a bit to get a good signal but once I am happy about it, I could take my laptop and use my laptop to connect to this wireless router. This would allow me to use all kinds of tools to break into this wireless network and do what I like to do. (Sending lots of spam, for example...) And after an hour or so I just drive away to find a new wireless victim.

    I could do this if I had malicious plans. But I'm not a bad person. I am just very aware of this risk...
    And I am happy that some people keep their Wifi open for fair use by people who are just passing by and need to connect to the Internet for a moment. (Which is why I use HitchHiker, so I can e.g. get my emails on my PDA when I discover an available Wifi connection.)

    The fact that you're the only one with Wifi in your town might actually result in you becoming a victim of wardriving a bit aster since those wardrives have less victims to choose from...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •