
| Subject: | RE: Odd addresses on my wireless network |
|---|---|
| Date: | Wed, 24 Nov 2004 20:40:23 -0800 |

To add to the clarification, 169.254/16 addresses are APIPA; used by Windows ME and later when DHCP servers aren't available or responsive. The 169.254.255.255 IP is a broadcast address and as such, won't have an associated MAC.

-----Original Message-----
From: Ron [mailto:iago@valhallalegends.com]
Sent: Wednesday, November 24, 2004 11:25 AM
To: Michael Acosta
Cc: incidents@securityfocus.com
Subject: Re: Odd addresses on my wireless network

Windows computers, and some routers, have an obsession with sending traffic to "239.255.255.253" for something to do with upnp connectivity. I didn't even realize this was happening until I set up Snort on my Linux box, and discovered packets destined for that (unroutable) address every second or so.

If either of your routers had upnp enabled, and you don't know what that is or don't use it, then I would recommend disabling it.

As for the rest, I'm unsure.

Michael Acosta wrote:

I noticed some odd behavior on my wireless network this afternoon. I didn't think too much of it at the time, but now it really seems odd.

When I tried to access the internet from my laptop, I realized that I couldn't, even though I had LAN connectivity. I have two wireless points in my house, one is an Apple Airport Extreme (10.0.1.1), and the other is an Apple Airport Express (10.0.1.250), set up for WDS. Both were on, but I couldn't reach the Extreme station via Airport admin. I went in the room it's in to reset it (I've had to do that before), and noticed that the TX/RX lights on the front were really moving, as if it were quite busy. My DSL modem was doing the same thing.

I went back to my laptop, and ran "arp -a", and came up with this (even though I still couldn't reach the base station):

```
$ arp -a
? (10.0.1.1) at 0:3:93:e7:36:da on en1 [ethernet]
? (10.0.1.250) at 0:11:24:3:77:c4 on en1 [ethernet]
? (169.254.61.156) at 0:11:24:3:77:c4 on en1 [ethernet]
? (169.254.255.255) at (incomplete) on en1 [ethernet]
? (224.0.0.2) at 1:0:5e:0:0:2 on en1 permanent [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en1 permanent [ethernet]
? (239.255.255.253) at 1:0:5e:7f:ff:fd on en1 permanent [ethernet]
```

en1 is my Airport card.

Like I said, I didn't think it was too odd at first, I simply reset the base station. When it came back up, I could reach the internet. I ran arp -a again, and it only showed 10.0.1.1, as expected.

How could blackhole traffic, and reserved arp traffic show up? I'm no network expert, but I would assume that if I had its MAC address, it was somehow on my network... right?

By the way, I do have some amount of security on (128-bit WEP and MAC address whitelisting.)
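
The following Python sketch is an added example, not part of the original thread: it parses the `arp -a` output quoted above and labels each entry as a unicast host, an APIPA (169.254/16) host, the link-local broadcast address, or a multicast group whose MAC is checked against the standard IPv4-to-Ethernet multicast mapping. The function names (`norm_mac`, `multicast_mac`, `classify`, `analyze`) and the label strings are assumptions made for this illustration.

```python
import ipaddress
import re
# The arp -a output quoted in the message above (BSD/macOS format).
ARP_OUTPUT = """\
? (10.0.1.1) at 0:3:93:e7:36:da on en1 [ethernet]
? (10.0.1.250) at 0:11:24:3:77:c4 on en1 [ethernet]
? (169.254.61.156) at 0:11:24:3:77:c4 on en1 [ethernet]
? (169.254.255.255) at (incomplete) on en1 [ethernet]
? (224.0.0.2) at 1:0:5e:0:0:2 on en1 permanent [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en1 permanent [ethernet]
? (239.255.255.253) at 1:0:5e:7f:ff:fd on en1 permanent [ethernet]
"""

LINE_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+|\(incomplete\))")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # APIPA range

def norm_mac(mac):  # zero-pad 0:3:93 -> 00:03:93; None for (incomplete)
    if mac == "(incomplete)":
        return None
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))

def multicast_mac(ip):
    """RFC 1112 mapping: 01:00:5e plus the low 23 bits of the group address."""
    low = int(ip) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low >> 16, (low >> 8) & 0xFF, low & 0xFF)

def classify(ip_text, mac_text):
    ip, mac = ipaddress.ip_address(ip_text), norm_mac(mac_text)
    if ip.is_multicast:  # MAC is derived from the group address, not a host's reply
        return "multicast group, " + ("derived MAC" if mac == multicast_mac(ip) else "MAC MISMATCH")
    if ip == LINK_LOCAL.broadcast_address:
        return "link-local broadcast, no host"
    if ip in LINK_LOCAL:
        return "link-local (APIPA) host"
    return "private unicast host" if ip.is_private else "public unicast host"

def analyze(text):
    """Return (ip, mac, class) rows and the MACs seen with more than one unicast IP."""
    rows, by_mac = [], {}
    for m in LINE_RE.finditer(text):
        mac, cls = norm_mac(m["mac"]), classify(m["ip"], m["mac"])
        rows.append((m["ip"], mac, cls))
        if mac and not cls.startswith("multicast"):
            by_mac.setdefault(mac, []).append(m["ip"])
    return rows, {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for row in analyze(ARP_OUTPUT)[0]:
        print(*row, sep="  ")
```

On the quoted table, the second return value shows that 10.0.1.250 and 169.254.61.156 resolve to the same MAC, meaning one device holds both a 10.0.1.x and a link-local address, and all three multicast entries carry exactly the MAC that the mapping predicts.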