| Author |
Message |
Guest
|
 Posted:
Thu Oct 27, 2005 4:21 pm Post subject:
unknown ip address in wallwatcher |
|
|
I have a private network
192.168.1.1 gateway
..200 access point
..205 access point
then 4 DHCP addresses that start at 100
I am getting a 192.168.1.52 in my wallwatcher log from
63.224.157.64 (U S WEST Internet Services)
and
24.216.183.13 (Charter Communications CHTR-HSA-1BLK (NET-24-216-0-0-1)
24.216.0.0 - 24.216.255.255)
How can they secure an ip on my internal network? |
|
| Back to top |
|
 |
Duane Arnold
Guest
|
| Posted:
Thu Oct 27, 2005 11:38 pm Post subject:
Re: unknown ip address in wallwatcher |
|
|
cyberstarone@hotmail.com wrote in news:1130421739.452603.316480
@g14g2000cwa.googlegroups.com:
| Quote: | I have a private network
192.168.1.1 gateway
.200 access point
.205 access point
then 4 DHCP addresses that start at 100
I am getting a 192.168.1.52 in my wallwatcher log from
63.224.157.64 (U S WEST Internet Services)
|
You're getting 192.168.1.52. What are you talking about? Either there is
a machine on your network that has that LAN IP address or there is not a
machine on your LAN that has that IP that you know about.
| Quote: | How can they secure an ip on my internal network?
|
Well, if this is a wireless network that you have which I'll assume .200
access point means WAP, then why not if you have not secured the wireless
network properly?
Anyone can obtain a DHCP or static IP from you wireless network and use
your network if you don't take measures to prevent the access. In
addition to that since the 192.168.1.52 is on the same IP part of
192.168.1, he or she may have been all over your LAN machines that use
the 192.168.1 if those machines are not protected too.
If there is a router in play and it has wireless MAC filtering, you may
want to start using that feature.
Some basics
http://netsecurity.about.com/cs/wireless/a/aa112203_2.htm
Duane :) |
|
| Back to top |
|
|
Guest
|
| Posted:
Fri Oct 28, 2005 2:00 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
Thanks.
| Quote: | You're getting 192.168.1.52. What are you talking about? Either there is
a machine on your network that has that LAN IP address or there is not a
machine on your LAN that has that IP that you know about.
|
I'd like to know that to. I put an example of the wallwatcher log
below.
But the .52 is there - like 20-30 times. THERE IS NO MACHINE ON MY
NETWORK WITH THAT IP. My desktop is 192.168.1.100 and my wireless
notebook is .101.
2005/10/27 00:05:14.24 I tcp 24.216.183.13 6346 192.168.1.52 2010
| Quote: | Well, if this is a wireless network that you have which I'll assume .200
access point means WAP, then why not if you have not secured the wireless
network properly?
|
My routers do not support WAP. I have 128 bit WEP.
FURTHER, MY DHCP TABLE ONLY SHOW MY desktop (100) & MY notebook (101).
Duane Arnold wrote:
| Quote: | cyberstarone@hotmail.com wrote in news:1130421739.452603.316480
@g14g2000cwa.googlegroups.com:
I have a private network
192.168.1.1 gateway
.200 access point
.205 access point
then 4 DHCP addresses that start at 100
I am getting a 192.168.1.52 in my wallwatcher log from
63.224.157.64 (U S WEST Internet Services)
You're getting 192.168.1.52. What are you talking about? Either there is
a machine on your network that has that LAN IP address or there is not a
machine on your LAN that has that IP that you know about.
How can they secure an ip on my internal network?
Well, if this is a wireless network that you have which I'll assume .200
access point means WAP, then why not if you have not secured the wireless
network properly?
Anyone can obtain a DHCP or static IP from you wireless network and use
your network if you don't take measures to prevent the access. In
addition to that since the 192.168.1.52 is on the same IP part of
192.168.1, he or she may have been all over your LAN machines that use
the 192.168.1 if those machines are not protected too.
If there is a router in play and it has wireless MAC filtering, you may
want to start using that feature.
Some basics
http://netsecurity.about.com/cs/wireless/a/aa112203_2.htm
Duane :) |
|
|
| Back to top |
|
|
goofy
Guest
|
| Posted:
Fri Oct 28, 2005 2:31 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
| Quote: | 2005/10/27 00:05:14.24 I tcp 24.216.183.13 6346 192.168.1.52 2010
|
from the WW documentation :
An Inbound log record means an unsolicited message arrived at your Router,
and was discarded. The Router only allows responses to Outbound messages to
pass through to your computers, except when you are using a DMZ computer.
The fact that the Router has recorded Inbounds is cause for comfort, not
alarm: it caught, blocked, and discarded those records, so they never
reached or harmed your computers.
The WAN and subnet addresses are used by WW and WRV when you decide to
not display Inbounds to the WAN or LAN. Any Inbound traffic that the Router
redirects to the DMZ or port forwards to a specified local computer will
show that computer's LAN address in the "Local IP Address" column. All
other Inbound traffic will show the WANaddress in that column. If you're
not using a DMZ or port forwarding, all Inbounds should show the WAN
address. Everything with a WAN address was blocked by the Router;
everything with a LAN address was passed through to the specified machine.
Maybe your router does this port forwarding. |
|
| Back to top |
|
|
Duane Arnold
Guest
|
| Posted:
Fri Oct 28, 2005 6:01 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
cyberstarone@hotmail.com wrote in
news:1130446822.789535.119780@f14g2000cwb.googlegroups.com:
| Quote: | Thanks.
You're getting 192.168.1.52. What are you talking about? Either there
is
a machine on your network that has that LAN IP address or there is
not a machine on your LAN that has that IP that you know about.
I'd like to know that to. I put an example of the wallwatcher log
below.
But the .52 is there - like 20-30 times. THERE IS NO MACHINE ON MY
NETWORK WITH THAT IP. My desktop is 192.168.1.100 and my wireless
notebook is .101.
2005/10/27 00:05:14.24 I tcp 24.216.183.13
6346 192.168.1.52 2010
Well, if this is a wireless network that you have which I'll assume
.200 access point means WAP, then why not if you have not secured the
wireless network properly?
My routers do not support WAP. I have 128 bit WEP.
FURTHER, MY DHCP TABLE ONLY SHOW MY desktop (100) & MY notebook (101).
|
What are you hollering for? If you know anything which you don't seem to
know, then you would know that when a static IP is used on the router,
it's NOT going to be recorded in the DHCP table, since the IP of
192.168.1.52 is NOT a DHCP IP it's a static IP it is not going to be
recorded. DHCP IP(s) on your router start at 192.168.1.100 for whatever
the count you have set for the router, which the count is probably the
*DEFAULT* out of the box setting, to issue DHCP IP(s) to machines. DHCP
IP(s) are going to be recorded in the DHCP table and STATIC IP(s) are not
going to be recorded. Static IP(s) on the router and that's any IP that
is not issued by the DHCP server are static IP(s). So if the DHCP issue
count is 5 then 192.168.1.100-192.168.1.105 are DHCP IP(s) THAT ARE GOING
TO BE RECORDED IN THE DHCP TABLE LINKED TO A NIC'S MAC. STATIC IP(S) ARE
NOT RECORDED IN THE DHCP TABLE --- YOU GOT IT!
Your little trifling wireless network has been *hacked* by someone who is
using a static IP on your router. At least you're watching the logs and
know that something is not RIGHT! <g>
Duane :) |
|
| Back to top |
|
|
NormanM
Guest
|
| Posted:
Fri Oct 28, 2005 8:22 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
On 27 Oct 2005 14:00:22 -0700, cyberstarone@hotmail.com wrote:
| Quote: | My routers do not support WAP. I have 128 bit WEP.
|
Time to upgrade; WEP isn't very secure. You should move up to WPA, at the
least. BTW, "WAP" means "Wireless Access Point"; which would be your
192.168.1.200 and 192.168.1.205 devices. "WPA" means "Wi-Fi Protected
Access", a security encryption scheme used on WAPs.
| Quote: | FURTHER, MY DHCP TABLE ONLY SHOW MY desktop (100) & MY notebook (101).
|
Which, as Duane shows, does not prevent somebody from using any IP address
outside of the range of your DHCP assigned IP address, but within the scope
of your LAN IP addresses. Assuming your router at 192.168.1.1 is a Linksys
router, and you have the factory default configuration, your DHCP range is
192.168.1.100 to 192.168.1.150 (fifty devices), but your LAN scope is
192.168.1.1 to 191.168.1.254 (IP address 192.168.1.1, subnet mask
255.255.255.0). Any neighbor, or passerby, who can crack your WEP security
(which is not terribly hard to do) can associate to your WLAN and assign
themselves IP address within the scope of your LAN IP addresses. Using a
MAC filter can mitigate that, somewhat. Using WPA security is much more
certain.
--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys. |
|
| Back to top |
|
|
Guest
|
| Posted:
Sat Oct 29, 2005 2:12 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
"Using WPA security is much more certain. "
Okay, does that mean I need to buy new wireless routers that support
WPA? |
|
| Back to top |
|
|
goofy
Guest
|
| Posted:
Sat Oct 29, 2005 4:21 pm Post subject:
Re: unknown ip address in wallwatcher |
|
|
<cyberstarone@hotmail.com> wrote in message
| Quote: | "Using WPA security is much more certain. "
Okay, does that mean I need to buy new wireless routers that support
WPA?
|
well, that is a possibility. But you can buy software/hardware is much as
you like, but that makes a computer not safe.
You have to understand at least a little bit about what you are doing.
You have to read the manual and change some router defaults.
Make your router so secure as possible; a "hacker" would try another router.
There are a lot of unprotected routers! |
|
| Back to top |
|
|
Rick Larson
Guest
|
| Posted:
Sun Oct 30, 2005 2:45 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
Using my Linksys router with wallwatcher required the dmz active with
an ip address of 192.168.1.50 to make the logging data show in my
wallwatcher. So any incoming traffic logs to 192.168.1.50 and outbound
traffic is from a dhcp assigment like 192.168.1.100
On 27 Oct 2005 14:00:22 -0700, cyberstarone@hotmail.com wrote:
| Quote: | Thanks.
You're getting 192.168.1.52. What are you talking about? Either there is
a machine on your network that has that LAN IP address or there is not a
machine on your LAN that has that IP that you know about.
I'd like to know that to. I put an example of the wallwatcher log
below.
But the .52 is there - like 20-30 times. THERE IS NO MACHINE ON MY
NETWORK WITH THAT IP. My desktop is 192.168.1.100 and my wireless
notebook is .101.
2005/10/27 00:05:14.24 I tcp 24.216.183.13 6346 192.168.1.52 2010
Well, if this is a wireless network that you have which I'll assume .200
access point means WAP, then why not if you have not secured the wireless
network properly?
My routers do not support WAP. I have 128 bit WEP.
FURTHER, MY DHCP TABLE ONLY SHOW MY desktop (100) & MY notebook (101).
Duane Arnold wrote:
cyberstarone@hotmail.com wrote in news:1130421739.452603.316480
@g14g2000cwa.googlegroups.com:
I have a private network
192.168.1.1 gateway
.200 access point
.205 access point
then 4 DHCP addresses that start at 100
I am getting a 192.168.1.52 in my wallwatcher log from
63.224.157.64 (U S WEST Internet Services)
You're getting 192.168.1.52. What are you talking about? Either there is
a machine on your network that has that LAN IP address or there is not a
machine on your LAN that has that IP that you know about.
How can they secure an ip on my internal network?
Well, if this is a wireless network that you have which I'll assume .200
access point means WAP, then why not if you have not secured the wireless
network properly?
Anyone can obtain a DHCP or static IP from you wireless network and use
your network if you don't take measures to prevent the access. In
addition to that since the 192.168.1.52 is on the same IP part of
192.168.1, he or she may have been all over your LAN machines that use
the 192.168.1 if those machines are not protected too.
If there is a router in play and it has wireless MAC filtering, you may
want to start using that feature.
Some basics
http://netsecurity.about.com/cs/wireless/a/aa112203_2.htm
Duane :) |
|
|
| Back to top |
|
|
Duane Arnold
Guest
|
| Posted:
Sun Oct 30, 2005 5:43 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
Rick Larson <ricklarson@cableone.net> wrote in
news:64r7m1t9bo8sl3a68n5v5ushknrb5rnih6@4ax.com:
| Quote: | Using my Linksys router with wallwatcher required the dmz active with
an ip address of 192.168.1.50 to make the logging data show in my
wallwatcher. So any incoming traffic logs to 192.168.1.50 and outbound
traffic is from a dhcp assigment like 192.168.1.100
|
It doesn't sound right. I have used WW on Linksys and Watchguard and the
DMZ never came into play. However instead of broadcasting the the Linksys
log to all machines 192.168.1.255 I think was the all machines broadcast
IP, I did point it to a static IP the computer was using that had WW
running.
Duane :) |
|
| Back to top |
|
|
Rick Larson
Guest
|
| Posted:
Sun Oct 30, 2005 9:22 am Post subject:
Re: unknown ip address in wallwatcher |
|
|
Thanks
I have a BEFSR41v4 firmware version 1.04.02 here and before I tried
the tip from a firewall newsgroup, I could not see the Linksys logs in
the Wallwatcher.
I read in a thread there how to enable this. You need to enable DMZ
and forward to a unused IP in my case 192.168.1.50. Now you must
enable logging and specify the logging IP address 192.168.1.100 or 255
for all computers and you will see stuff in your incoming log.
I would appreciate any suggestions to make the use of DMZ not needed
or easier.
Rick
On Sun, 30 Oct 2005 00:43:52 GMT, Duane Arnold <notme@notme.com>
wrote:
| Quote: | Rick Larson <ricklarson@cableone.net> wrote in
news:64r7m1t9bo8sl3a68n5v5ushknrb5rnih6@4ax.com:
Using my Linksys router with wallwatcher required the dmz active with
an ip address of 192.168.1.50 to make the logging data show in my
wallwatcher. So any incoming traffic logs to 192.168.1.50 and outbound
traffic is from a dhcp assigment like 192.168.1.100
It doesn't sound right. I have used WW on Linksys and Watchguard and the
DMZ never came into play. However instead of broadcasting the the Linksys
log to all machines 192.168.1.255 I think was the all machines broadcast
IP, I did point it to a static IP the computer was using that had WW
running.
Duane :) |
|
|
| Back to top |
|
|
Volker Birk
Guest
|
| Posted:
Sun Oct 30, 2005 5:21 pm Post subject:
Re: unknown ip address in wallwatcher |
|
|
cyberstarone@hotmail.com wrote:
| Quote: | How can they secure an ip on my internal network?
|
What do you mean with "secure an IP"?
Yours,
VB.
--
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
Wolfgang Clement am 10.10.05 als Noch-Superminister |
|
| Back to top |
|
|
Duane Arnold
Guest
|
| Posted:
Sun Oct 30, 2005 5:21 pm Post subject:
Re: unknown ip address in wallwatcher |
|
|
Volker Birk <bumens@dingens.org> wrote in news:4364c43a@news.uni-ulm.de:
| Quote: | cyberstarone@hotmail.com wrote:
How can they secure an ip on my internal network?
What do you mean with "secure an IP"?
|
That's just a way of speaking sometimes in the English lanauage. What is
meant by the *secure an IP* is *obtain an IP*.
Duane :) |
|
| Back to top |
|
|
Duane Arnold
Guest
|
| Posted:
Sun Oct 30, 2005 5:21 pm Post subject:
Re: unknown ip address in wallwatcher |
|
|
| Quote: | I have a BEFSR41v4 firmware version 1.04.02 here and before I tried
the tip from a firewall newsgroup, I could not see the Linksys logs in
the Wallwatcher.
I read in a thread there how to enable this. You need to enable DMZ
and forward to a unused IP in my case 192.168.1.50. Now you must
enable logging and specify the logging IP address 192.168.1.100 or 255
for all computers and you will see stuff in your incoming log.
I would appreciate any suggestions to make the use of DMZ not needed
or easier.
|
Have you tried sending a help email to the WW guy who wrote the program
and he sometimes frequents this NG? It may work for you but it doesn't
make any sense. What the DMZ has to do with the logging makes no sense. I
too had a problem with the log being broadcasted to the machine that had
WW running on the XP Pro machine when the SP install enabled the XP FW
and that blocked the port that WW needed open on the machine that
BlackIce running on the machine knew to allow traffic on the inbound port
that WW needed. So, I disabled the XP FW and the logging started working
but that was after the WW guy saw my post about the WW had stopped
showing the syslog data from the router in the NG. Maybe, that's your
problem is that a personal FW or some other packet filter is blocking the
inbound traffic to WW normally and you're circumventing the problem by
doing what you're doing. It's just a guess.
On a small home network, you broadcasting to a DHCP IP a machine may get
like 192.168.1.100 may not be a problem for you as the machine on a small
LAN will most likely get the .100 DHCP IP over and over due to the NIC's
MAC. But the machine could get a different IP with WW running and there
you go. That's why I like to configure the computer's NIC to use a
router's static IP like 192.168.1.50 and configure the router to
broadcast the log to 192.168.1.50 as an example.
Duane :) |
|
| Back to top |
|
|
Volker Birk
Guest
|
| Posted:
Sun Oct 30, 2005 5:21 pm Post subject:
Re: unknown ip address in wallwatcher |
|
|
cyberstarone@hotmail.com wrote:
| Quote: | My routers do not support WAP. I have 128 bit WEP.
|
Dou you mean "my access points do not support WPA"? Then you should use
an encrypted VPN.
Yours,
VB.
--
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
Wolfgang Clement am 10.10.05 als Noch-Superminister |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in