Network Security Incidents

Re: wired traffic

Subject: Re: wired traffic
Date: Mon, 30 Jan 2006 19:12:42 -0600
To answer your question, yes, that address is one of several used by 
Cisco/Linksys products as their gateway address for internal-to-external 
routing.  192.168.1.1 is the local, non-routed address.  There may be other 
retail, residential routers which may use that as the gateway address, too.  I 
know that D-Link uses 192.168.0.1, many Netgear devices use 192.168.1.1, as 
does Cisco/Linksys.  I would suggest running Nmap, or some other form of 
network port scanner to do an identification based on its packet signature.

The fact that I see it addressing 0.0.0.0 might mean that the router may be 
misconfigured, or that it might be a DHCP broadcasting agent, again, signifying 
that it may be misconfigured.  Without performing additional steps, we can 
speculate until tomorrow...  ;))

Does this help?

-rad

----- Original Message -----
From: Charles Hamby [mailto:fixer@gci.net]
To: fowl8510@unco.edu, incidents@securityfocus.com
Subject: Re: wired traffic


Is 192.168.1.1 a Linksys router by some chance?


----- Original Message ----- 
From: <fowl8510@unco.edu>
To: <incidents@securityfocus.com>
Sent: Sunday, January 29, 2006 6:11 PM
Subject: wired traffic


Can anyone tell me what's happening here?  192.168.1.1 is the router.

20:09:31.410294 IP 192.168.1.1.1119 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.410854 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.411454 IP 192.168.1.1.availant-mgr > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.412078 IP 192.168.1.1.1125 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.412723 IP 192.168.1.1.1126 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.413415 IP 192.168.1.1.1128 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.414085 IP 192.168.1.1.1129 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.414779 IP 192.168.1.1.1131 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.415504 IP 192.168.1.1.1132 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.416247 IP 192.168.1.1.1134 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:32.434549 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.435152 IP 192.168.1.1.availant-mgr > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.435719 IP 192.168.1.1.1125 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.436313 IP 192.168.1.1.1126 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.436939 IP 192.168.1.1.1128 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.437537 IP 192.168.1.1.1129 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.438186 IP 192.168.1.1.1131 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:32.440157 IP 192.168.1.1.1134 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.458456 IP 192.168.1.1.1119 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.458958 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.459529 IP 192.168.1.1.availant-mgr > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.460769 IP 192.168.1.1.1126 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.461407 IP 192.168.1.1.1128 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.462083 IP 192.168.1.1.1129 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.462759 IP 192.168.1.1.1131 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.463461 IP 192.168.1.1.1132 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.464185 IP 192.168.1.1.1134 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:34.481631 IP 192.168.1.1.1119 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:34.482436 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:34.483287 IP 192.168.1.1.availant-mgr > 0.0.0.0.0: . 0:1(1) ack 1 win 0

This goes on and on. 




Bob Radvanovsky, CISM, CIFI, REM, CIPS
rsradvan@unixworks.net | rsradvan@infracritical.com | rsradvan@ehealthgrid.com
(630) 673-7740 | (412) 774-0373 (fax) 
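
An added example, not part of the original thread: one way to summarise a capture like the one quoted above before guessing at the cause. It rejoins mail-wrapped tcpdump lines, groups zero-window packets sent to 0.0.0.0 port 0 by source address and port, and reports the gap between repeats. The sample lines are copied from the capture plus one constructed ordinary packet, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the capture above; the last record is a constructed ordinary packet.
SAMPLE = """\
20:09:31.410294 IP 192.168.1.1.1119 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.410854 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 0 win 0
20:09:31.411454 IP 192.168.1.1.availant-mgr > 0.0.0.0.0: . 0:1(1) ack 0
win 0
20:09:32.434549 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.458456 IP 192.168.1.1.1119 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:33.458958 IP 192.168.1.1.1121 > 0.0.0.0.0: . 0:1(1) ack 1 win 0
20:09:34.000000 IP 192.168.1.50.40000 > 192.168.1.1.80: S 0:0(0) win 5840
"""

TS = re.compile(r"\d\d:\d\d:\d\d\.\d+ ")
# time, src addr, src port (number or service name), dst addr, dst port, window
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.([^.\s]+) > (\S+)\.([^.\s:]+): "
    r".*?\bwin (\d+)")

def unwrap(text):
    """Rejoin records that a mail client wrapped (a stray 'win 0' line)."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def suspicious_flows(text):
    """Map (src, sport) -> sorted times (seconds) of win-0 packets to 0.0.0.0:0."""
    flows = defaultdict(list)
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue
        hh, mm, ss, src, sport, dst, dport, win = m.groups()
        if dst == "0.0.0.0" and dport == "0" and win == "0":
            flows[(src, sport)].append(int(hh) * 3600 + int(mm) * 60 + float(ss))
    return {k: sorted(v) for k, v in flows.items()}

def retry_gaps(times):
    """Seconds between successive packets of one flow, rounded to milliseconds."""
    return [round(b - a, 3) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for (src, sport), times in suspicious_flows(SAMPLE).items():
        print(src, sport, len(times), retry_gaps(times))
```

On the sample, source port 1121 repeats every 1.024 s, and the constructed packet to 192.168.1.1 port 80 is ignored.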
