Private IPs

I received an announcement (if you can call it that) from AnalogX stating an attempt was made to access my computer through port 21. I ran a Tracert on the IP with the following results:

Tracing route to 210.126.214.185 over a maximum of 30 hops

1 125 ms 109 ms 125 ms nas2.sr2.sonic.net [209.204.168.85]
2 109 ms 125 ms 125 ms fe-6-1.gw.sr2.sonic.net [209.204.168.81]
3 157 ms 172 ms 171 ms tunnel-sr2.sonic.net [208.201.245.161]
4 156 ms 157 ms 156 ms fast1-0-0.border.sr.sonic.net [208.201.224.194]
5 172 ms 156 ms 172 ms fast0-0.gw.equinix-sj.sonic.net [64.142.0.14]
6 172 ms 188 ms 187 ms SNTCCA4LCX1.14.0.wcg.com [206.223.116.83]
7 172 ms 172 ms 172 ms sntcca4lcx1-pos.wcg.net [64.200.151.25]
8 156 ms 172 ms 157 ms sntcca2lce1-pos6-0.wcg.net [64.200.151.129]
9 172 ms 156 ms 172 ms sntcca1wcx2-pos.wcg.net [64.200.240.101]
10 157 ms 172 ms 171 ms sntcca1wcx1-oc48.wcg.net [64.200.151.109]
11 297 ms 297 ms 297 ms sntcca1wcx1-samsung-pos.wcg.net [64.200.150.38]
12 312 ms 313 ms 297 ms seoul1-cgr2.kr.psi.net [203.255.119.14]
13 297 ms 297 ms 297 ms 210.122.160.250
14 297 ms 312 ms 297 ms 10.250.1.110
15 328 ms 328 ms 297 ms 210.126.214.185

Trace complete.

What has me puzzeled is the 10.x.x.x IP in line 14. I was under the imperssion that all 10.x.x.x IPs are private. Is that not correct?

With our Lords blessings,

Doug

i don't belive they are a private ip, i could be wrong. the only "private ip" i think are the 192.168.32.X, only because they are non traceable. i think it's a class 1 ip, so it might be a gov't ip

It's private. 10 is a Class A network and 192.168 is a Class C.

NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: Direct Assignment
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Please see RFC 1918 for additional information.


Just a typical ftp scan, no doubt. looking for a place to store some warez or an easy hack.

But, should I be able to see it in the tracert??

It's most likely a misconfigured router somewhere that's allowing a private IP out into the wild. It happens sometimes. Most decent firewalls will detect and drop packets that claim to come from a private address, anyway. I wouldn't worry about it.

Well, if you don't understand what prolbem child and Tedob1 were saying, the 10.x.x.x address is a nonrouteable (private) class A address (Big business). The 192.168.x.x set of addresses mare nonrouteable class C addresses.

There are ways to access nonrouteable comuters. It normally requires a LOT more work then a simple traceroute. If it is showing up in you logs (like it did(...) then the other end didn't configure their router proplerly

I thank all of you for helping me to understand. And Problemchild, I won't worry about it, thanks. I can't help think thought, that 10.250.1.110 should. :)

With our Lords blessings thank you and take care,

Doug

Private address space is certainly routable by routers. 10.x.x.x, 192.168.x.x, and there are several others are private addresses, meaning nobody is allowed to register them and claim ownership of them, which translates into meaning that if you were to use it, you wouldn't be garunteed to reach them outside of your ISP/network. Most ISP's will do ingress/egree filtering to block private addresses from leaving/entering their network, which has the effect of making them non-routable on the INTERNET, this does not mean they are non-routable on your own network/ISP's network.

It is actually quite common to have ISP's use private address space for their routers. The address space works just fine in passing traffic and it gives the added bonus of protecting their routers from the internet by making them non-reachable.

There was a huge thread about this a while back: look here

Nebulus

I don't want to put words into souleman's mouth, but I don't think he was saying it's not possible to route them, because obviously it is or the guy wouldn't be seeing a Class A address in his logs. I think he just meant that it isn't supposed to be done. :D