-
IANA Special Use ????
I have 2 IP addresses in my Linksys Wireless B router's advanced routing table???? Can someone explain what they are?
They are both 211 hops away and the subnet for them is 16.140.0.0 and the gateway is 52.211.2.208
Both these show up:
64.118.29.208
242.26.7.208
NetType: IANA Special Use
Comment: Please see RFC 3330 for additional information.
That is the comment from WhoIS..... What are these computers.... they show up very strange results from Tracert or Ping.......
If anyone could help me figure out what they are doing on my routing table... I would be able to sleep better at night.... :) I gotta go to bed but I still haven't found anything out that really explains what they are doing in my router. I noticed them yesterday but it was the first time I have seen them.
-
Well, I just Wiki'd your question and ended up with three interesting Wiki links. I first got to http://en.wikipedia.org/wiki/List_of...otocol_numbers but it doesn't answer your question. It's just an interesting list that everyone keeps searching for. :D
http://en.wikipedia.org/wiki/IP_number makes more sense but it doesn't go in depth to IP numbers in the way I was looking for. I suspect that those IP numbers are special classes and this Wiki doesn't mention much about these classes. It does mention that IP numbers aren't really divided in classes anymore, though. Or at least no one looks at the network/host combination anymore.
The last link does answer your question partly, though. http://en.wikipedia.org/wiki/Classful_network is about the classes for IP numbers. The 242.26.7.208 address is a reserved class. And it has a link to that RFC 3330 document at http://www.ietf.org/rfc/rfc3330.txt which is too complicated for me to understand. :D
Now the weird thing is that 64.118.29.208 is not mentioned here as a special address. And apparently the system at that address seems to be down. I've tried a few of the online tools mentioned on one of those Wiki's but this address seems a bit suspicious to me.
The IP number 52.211.2.208 does lead to one site, though. The owner is "E.I. du Pont de Nemours and Co., Inc." in the USA. ( http://www1.dupont.com/ )
If this was my router, I'd sleep better after I've removed those two from the list, though. Not sure if that's a good thing to do, but it's what I would do...
-
Yep. Nothing mentioned anywhere about 64.118.29.208 being a special address but there should be some kinda explanation as to why it's there. Found a post at eggheadcafe.com reporting the same problem from April or so. Seems to have something to do with wireless routers only though.
-
"Host 64.118.29.208 appears to be up ... good.
All 1663 scanned ports on 64.118.29.208 are: filtered"
Well, it's there.
WHOIS didn't work out.
-
Hmmmm... Makes me wonder if someone managed to break into this wireless router...
It is wireless so someone could have gone wardriving, detected the router, tried to get in, managed to do so and then adjusted the router to accept some alternative kinds of traffic... It could be that someone has access to this router now and is using it as a proxy for his own hacking purposes. And if this router is connected to the Internet, he doesn't even have to connect to it by sitting wireless in the area. He just connects to this router from wherever he likes. This router then functions as some anonymizer for him. Why? Your guess is as good as mine. :)
-
64.x.x.x ---> I couldn't find anything about a special assignment on this range
242.x.x.x. --> RFC1700, page 4. This block, formerly known as the Class E address space, is reserved.
-
I'd say, make a backup of your router config, and save it offline (pc, thumb drive, floppy, etc.)
Remove them, save the setup, and reboot the router. If all works fine, you're done. If not...restore the saved config, and keep digging into it.
-
Thanks for all the input in such a short time. I am going to do what zencoder said and redo my router settings. Cacosapo, you found the same thing I found... I read the article that said "242.x.x.x. --> RFC1700, page 4. This block, formerly known as the Class E address space, is reserved" but it didn't really give me an understanding of what it was. The real weird part to the whole thing is the subnet (16.140.0.0); the only subnets I am familiar with are 255.255.255.0 or similar. At one point I left my router with the default password and it is possible that then someone got in.... but the IP address is so weird that it would appear that it is not just some script kiddie. Anyway I am going to reset my router... won't hurt anything. My network is small and it's mine so if it dies for a minute.... I won't shed a tear. I was just a little worried about using my p2p software with some mysterious IP showing up in my routing table. It seems like I already removed that IP from my router and it came back... but can't say for sure. Thanks to everyone for your help!
Nathan
-
I hit the reset button and rebooted the router.... My routing table is back to normal. If it comes back then I am suspicious of a possible keylogger or something similar because it is password protected. Also, Remote Administration for my router and modem is disabled. I also live in the country.... I am the only person in this little town with wireless capability.... I doubt someone would be hacking me via wireless. I believe I have already done this and it came back. I will post again if it comes back.... but for now I'm going to continue using my 1.5 meg DSL and not worry about getting a DMCA letter. I also had a few spyware programs running.... I guess when I redid this laptop a week or so ago... I got lazy and didn't secure it. Shame on me.
Thanks,
Nathan
-
Having a wireless internet connection is risky and people can still hack into your system over the wireless if they detect it's there. I myself happen to have a PDA with WiFi capabilities which I use in my car as a routeplanner. However, there is a program for PDA's called HitchHiker which is a free tool. But it tries to connect to any WiFi channel that it can find and will warn the user about those networks. I have once driven around Amsterdam and it actually showed me quite a few wireless networks in the area. And to some I could automatically connect and thus browse the Internet by using someone else's network connection.
I also have a wireless network at home, using WAP security and using the MAC addresses of my PDA and laptop to limit the computers that can access it. My desktop PC is also connected to it through a cable, and is basically the only way that I can configure it. So basically, for me it wouldn't be much of a problem to find out how it works by experimenting.
Now, what I could do, for example, is drive around in some area waiting for my PDA to warn me about a Wifi router that is in the area and which is open for me to use. I would have to drive around a bit to get a good signal but once I am happy about it, I could take my laptop and use my laptop to connect to this wireless router. This would allow me to use all kinds of tools to break into this wireless network and do what I like to do. (Sending lots of spam, for example...) And after an hour or so I just drive away to find a new wireless victim.
I could do this if I had malicious plans. But I'm not a bad person. I am just very aware of this risk...
And I am happy that some people keep their Wifi open for fair use by people who are just passing by and need to connect to the Internet for a moment. (Which is why I use HitchHiker, so I can e.g. get my emails on my PDA when I discover an available Wifi connection.)
The fact that you're the only one with Wifi in your town might actually result in you becoming a victim of wardriving a bit faster since those wardrives have less victims to choose from...
-
Not to make you paranoid, but I wouldn't put it beyond Linksys to have some sort of backdoor or callhome function in their router OS, to restore certain key settings. I don't think it's very likely, but certainly not impossible. If it shows up again...well, you'll have to draw your own conclusions.
BTW, you don't have UPnP enabled, do you? That would do it as well. And running P2P software on a UPnP enabled network...wow, that could be bad, if you had a shady or malware riddled client.
:wow:
-
Quote:
Originally posted here by Katja
...This would allow me to use all kinds of tools to break into this wireless network and do what I like to do....
If you are connected to someone's open wireless access point, there's little or no 'breaking in' to be done at that point. :)
But you are correct, if he's not using WPA/WPA2 or at least WEP to protect the network, it *is* wide open.
-
No.... UPnP is disabled..... Yea... I am unprotected on my wireless... but the interface mode that the mystery addresses were using was LAN interface, not wireless. Besides that, I can see when someone is connected via wireless. There are no "wardrivers" around here.... there are not even computer literate people in this area.... When people have computer problems... they come to me because even the IT professionals around here are illiterate and take advantage of the ignorance of people. I am positive it is not my wireless interface getting hacked.... and UPnP is disabled. Yea... would be typical for Linksys to install a backdoor... with some weird protocol I haven't ever heard of. I do not think this is the case. So far, it hasn't come back... my routing table is still clean. My router has the possibility of broadcasting, at most, 300 or 400 yds..... there are 3 houses in that radius and a church across the street..... I could see someone sitting out there with a laptop and I could see them connected to my network. I myself have also driven around with my wireless modem and found unprotected networks in a town around here..... I just do not think that's the case here.
Thanks,
Nathan
-
Just a question on the side here... ZenCoder... did you ever do any "Dave" hacking or chat in any of the DSS, Dish, or BEV forums?
-
Quote:
Originally posted here by zencoder
If you are connected to someone's open wireless access point, there's little or no 'breaking in' to be done at that point. :)
But you are correct, if he's not using WPA/WPA2 or at least WEP to protect the network, it *is* wide open.
Actually, once you can access the Internet through the wireless router, you can also try to get access to any other computer that is connected to this router. You could, for example, use this to install some spyware on the computers of the owners of the wireless network. Once you're past the router, the real fun would be into getting into any other system that is connected to this router. And if you're about to get caught? Well, the wardriver is probably already located in his getaway car. :D
-
Well I would agree with you Katja if I were in the city or if I was illiterate on computers myself. What I ran across in my routing table is not a hacker... or a script kiddie... or a "wardriver". It is something that uses a special protocol that I have never heard of.... They are not connecting to my computers..... I keep an eye on my logs..... I just turned my router log on earlier to see if I could catch something. There is no person wasting gas in this 20 mile circle of a town trying to hack the only wireless connection within 20 miles..... Yea... if they got in via wireless and set up a backdoor... when they got home they could log in via their ISP. This is not what has happened... I'm positive.... the reason I asked this question was because it is not some wannabe hacker trying to get into my network. It is either Linksys... Bellsouth... or Microsoft. Or maybe something else similar to that. I am not an expert on wireless security but I do know a few things about Windows networking and how it works..... the only Linux computer I had on the internet got fried by lightning 2 days after I finally got it working.... So it is possible that Unix computer is the one using my routing table. If it is... They are using my IP and router to hack into someone else... I understand this principle because I have done similar things myself. They are not trying to get into my computers.
Thanks,
Nathan
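-
A sanity check for the routing-table entries quoted in this thread, as an added example that is not part of any poster's message: it tests whether the mask is a valid contiguous netmask, whether the destination falls in the reserved 240.0.0.0/4 block, and whether the gateway is reachable on a connected network. The connected network (192.168.1.0/24) and the reading of the hop column as a RIP-style metric are assumptions, not facts from the thread.

```python
import ipaddress

# Entries as quoted in the thread: (destination, mask, gateway, hops).
THREAD_ROUTES = [
    ("64.118.29.208", "16.140.0.0", "52.211.2.208", 211),
    ("242.26.7.208", "16.140.0.0", "52.211.2.208", 211),
]
# Assumptions, not from the thread: the router's directly connected
# networks, and that the hop column is a RIP-style metric (max 15).
CONNECTED = [ipaddress.ip_network("192.168.1.0/24")]
MAX_METRIC = 15
CLASS_E = ipaddress.ip_network("240.0.0.0/4")  # reserved, per RFC 3330


def mask_is_contiguous(mask):
    """A valid netmask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # inverted must look like 0...01...1, so adding 1 clears every set bit.
    return (inverted & (inverted + 1)) == 0


def audit_route(dest, mask, gateway, hops, connected=CONNECTED):
    """Return a list of reasons the entry cannot be a sane route."""
    findings = []
    if not mask_is_contiguous(mask):
        findings.append("non-contiguous netmask")
    if ipaddress.ip_address(dest) in CLASS_E:
        findings.append("destination in reserved 240.0.0.0/4")
    gw = ipaddress.ip_address(gateway)
    if not any(gw in net for net in connected):
        findings.append("gateway not on a connected network")
    if hops > MAX_METRIC:
        findings.append("metric above RIP maximum")
    return findings


if __name__ == "__main__":
    for route in THREAD_ROUTES:
        print(route[0], "->", audit_route(*route) or "ok")
```

Entries that fail the netmask check cannot have been entered as ordinary static routes, which is a reason to treat them as corrupted table data and to confirm they stay gone after a reset.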