icmp requests from 10.0.0.0 network to ppp0

Togan Muftuoglu

15 Aug 2001 15 Aug '01

13:53

I have been receiving these requests which are stopped with _DENY_ rule at the firewall. Now I have adsl connection which is using rp_pppoe and I thought private ip's should not be allowed thru the external interface. I believe this is coming from my isp but is this normal or what Aug 15 16:16:02 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=1640 F=0x0000 T=254 (#4) Aug 15 16:16:59 gardiyan last message repeated 2 times Aug 15 16:20:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=63495 F=0x0000 T=254 (#4) Aug 15 16:26:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=63495 F=0x0000 T=254 (#4) Aug 15 16:28:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=63495 F=0x0000 T=254 (#4) Aug 15 16:30:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=15693 F=0x0000 T=254 (#4) Aug 15 16:32:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=15693 F=0x0000 T=254 (#4) Aug 15 16:38:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4) -- Togan Muftuoglu

Show replies by date

Philipp Snizek

15 Aug 15 Aug

14:17

New subject: AW: [suse-security] icmp requests from 10.0.0.0 network to ppp0

Hi Togan, icmp type 3 is destination unreachable. You should not block these packets coming from inet to you (re-read ipchains howto). It seems your 10.14.9.254 cannot reach a host in the internet. HTH Philipp

...

-----Ursprungliche Nachricht----- Von: Togan Muftuoglu [mailto:toganm@users.sourceforge.net] Gesendet: Mittwoch, 15. August 2001 15:53 An: Suse-Security Betreff: [suse-security] icmp requests from 10.0.0.0 network to ppp0

I have been receiving these requests which are stopped with _DENY_ rule at the firewall.

Now I have adsl connection which is using rp_pppoe and I thought private ip's should not be allowed thru the external interface.

I believe this is coming from my isp but is this normal or what

Aug 15 16:16:02 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=1640 F=0x0000 T=254 (#4) Aug 15 16:16:59 gardiyan last message repeated 2 times Aug 15 16:20:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=63495 F=0x0000 T=254 (#4) Aug 15 16:26:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=63495 F=0x0000 T=254 (#4) Aug 15 16:28:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=63495 F=0x0000 T=254 (#4) Aug 15 16:30:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=15693 F=0x0000 T=254 (#4) Aug 15 16:32:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=15693 F=0x0000 T=254 (#4) Aug 15 16:38:05 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)

-- Togan Muftuoglu

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

'Togan Muftuoglu'

14:51

New subject: [suse-security] icmp requests from 10.0.0.0 network to ppp0

* Philipp Snizek; on 15 Aug, 2001 wrote:

...

Hi Togan,

icmp type 3 is destination unreachable. You should not block these packets coming from inet to you (re-read ipchains howto). It seems your 10.14.9.254 cannot reach a host in the internet.

Excuse me I do not get it I have my local net on the 192.168.1.0/24 subnet Internet is assigned via pppoe which is going thru eth1 which has no adress assigned and ppp0 has 212.156.197.144 as the ip number eth0 Link encap:Ethernet HWaddr 00:00:21:D2:D3:73 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1559952 errors:0 dropped:0 overruns:0 frame:0 TX packets:2195196 errors:0 dropped:0 overruns:0 carrier:0 collisions:255 txqueuelen:100 Interrupt:11 Base address:0x1000 eth1 Link encap:Ethernet HWaddr 00:60:97:50:AE:DB UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2284437 errors:0 dropped:0 overruns:0 frame:0 TX packets:1642777 errors:0 dropped:0 overruns:0 carrier:3 collisions:39 txqueuelen:100 Interrupt:10 Base address:0x300 ppp0 Link encap:Point-to-Point Protocol inet addr:212.156.197.144 P-t-P:212.156.196.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:24492 errors:0 dropped:0 overruns:0 frame:0 TX packets:23939 errors:0 dropped:0 overruns:0 carrier 0 collisions:0 txqueuelen:10 this is the routing table thereis no 10.0.0.0. network assigned 212.156.196.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 212.156.196.1 0.0.0.0 UG 0 0 0 ppp0 So if I am reading the log correctly the traffic is 10.4.9.254 port 3 to my internet ip port 1 Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4) Since there is no 10.0.0.0 network on my routing table and there is no ip from this group assigned to ny intrefaces I think it is quite logical to block private IP coming to the internet ip (the rule is input) So before complaing to the ISP I wnat to make sure I know what I am talking. -- Togan Muftuoglu

listuser＠seifried.org

15:11

New subject: [suse-security] icmp requests from 10.0.0.0 network to ppp0

Lots of ISP's/etc use 10.* for "internal clouds" of routers and the like. My adsl box for example is a 10.* IP printed on the sticker on the bottom of it. At one colo provider (using this ISP) they do not filter 10.* and so you can access the "internal cloud" which is kind of fun =). -Kurt On Wed, 15 Aug 2001, 'Togan Muftuoglu' wrote:

...

* Philipp Snizek; on 15 Aug, 2001 wrote:

...
Hi Togan,

icmp type 3 is destination unreachable. You should not block these packets coming from inet to you (re-read ipchains howto). It seems your 10.14.9.254 cannot reach a host in the internet.

Excuse me I do not get it

I have my local net on the 192.168.1.0/24 subnet

Internet is assigned via pppoe which is going thru eth1 which has no adress assigned and ppp0 has 212.156.197.144 as the ip number

eth0 Link encap:Ethernet HWaddr 00:00:21:D2:D3:73 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1559952 errors:0 dropped:0 overruns:0 frame:0 TX packets:2195196 errors:0 dropped:0 overruns:0 carrier:0 collisions:255 txqueuelen:100 Interrupt:11 Base address:0x1000

eth1 Link encap:Ethernet HWaddr 00:60:97:50:AE:DB UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2284437 errors:0 dropped:0 overruns:0 frame:0 TX packets:1642777 errors:0 dropped:0 overruns:0 carrier:3 collisions:39 txqueuelen:100 Interrupt:10 Base address:0x300

ppp0 Link encap:Point-to-Point Protocol inet addr:212.156.197.144 P-t-P:212.156.196.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:24492 errors:0 dropped:0 overruns:0 frame:0 TX packets:23939 errors:0 dropped:0 overruns:0 carrier 0 collisions:0 txqueuelen:10

this is the routing table thereis no 10.0.0.0. network assigned

212.156.196.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 212.156.196.1 0.0.0.0 UG 0 0 0 ppp0

So if I am reading the log correctly the traffic is

10.4.9.254 port 3 to my internet ip port 1 Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)

Since there is no 10.0.0.0 network on my routing table and there is no ip from this group assigned to ny intrefaces I think it is quite logical to block private IP coming to the internet ip (the rule is input)

So before complaing to the ISP I wnat to make sure I know what I am talking.

Philipp Snizek

17:43

New subject: AW: [suse-security] icmp requests from 10.0.0.0 network to ppp0

...

...
icmp type 3 is destination unreachable. You should not block these packets coming from inet to you (re-read ipchains howto). It seems your 10.14.9.254 cannot reach a host in the internet.

Excuse me I do not get it

I have my local net on the 192.168.1.0/24 subnet

Internet is assigned via pppoe which is going thru eth1 which has no adress assigned and ppp0 has 212.156.197.144 as the ip number

eth0 Link encap:Ethernet HWaddr 00:00:21:D2:D3:73 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1559952 errors:0 dropped:0 overruns:0 frame:0 TX packets:2195196 errors:0 dropped:0 overruns:0 carrier:0 collisions:255 txqueuelen:100 Interrupt:11 Base address:0x1000

eth1 Link encap:Ethernet HWaddr 00:60:97:50:AE:DB UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2284437 errors:0 dropped:0 overruns:0 frame:0 TX packets:1642777 errors:0 dropped:0 overruns:0 carrier:3 collisions:39 txqueuelen:100 Interrupt:10 Base address:0x300

ppp0 Link encap:Point-to-Point Protocol inet addr:212.156.197.144 P-t-P:212.156.196.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:24492 errors:0 dropped:0 overruns:0 frame:0 TX packets:23939 errors:0 dropped:0 overruns:0 carrier 0 collisions:0 txqueuelen:10

The missing link: it's not you running a 10.0.0.0 network internally. Well, that changes things.

...

this is the routing table thereis no 10.0.0.0. network assigned

212.156.196.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 212.156.196.1 0.0.0.0 UG 0 0 0 ppp0

So if I am reading the log correctly the traffic is

10.4.9.254 port 3 to my internet ip port 1 Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)

Still dest unreach. But not coming from you but the other side. First I thought you were the 10. guy using NAT. This may be a router or firewall sending you icmp dest unreach maybe type 10 or so telling you that it's blocking your packets. I Experienced that with other routers/firewalls in the inet. If it's that then it's nothing to worry 'bout. But good opportunity to learn more about dest unreach.

...

Since there is no 10.0.0.0 network on my routing table and there is no ip from this group assigned to ny intrefaces I think it is quite logical to block private IP coming to the internet ip (the rule is input)

Yes, you can drop that.

...

So before complaing to the ISP I wnat to make sure I know what I am talking.

First I would try what Kurt said. Sounds like a lot of fun :) Philipp

...

8312

Age (days ago)

8312

Last active (days ago)

List overview

Download

4 comments

4 participants

participants (4)

'Togan Muftuoglu'
listuser＠seifried.org
Philipp Snizek
Togan Muftuoglu