lol, he just spoofed his addresses so the list can't see the real ips.

On Sat, 2004-05-01 at 08:13, Eric Diamond wrote:
> Wednesday, April 28, 2004 2:04 PM Elam Daly asked:
> > At this particular company we have a webserver, that sits behind a
> > firewall/router. All incoming port 80 traffic is directed to this
> > server. All computers in the company reside internally on
> > 123.123.123.* ip addresses. All DNS resolution is done externally.
>
> How did you get the 123.123.123/24 address space assigned to your
> network?
>
> According to IANA:
>
> <start clip>
> INTERNET PROTOCOL V4 ADDRESS SPACE
>
> (last updated 28 April 2004)
>
> The allocation of Internet Protocol version 4 (IPv4) address space to
> various registries is listed here. Originally, all the IPv4 address
> spaces was managed directly by the IANA. Later parts of the address
> space were allocated to various other registries to manage for
> particular purposes or regional areas of the world. RFC 1466 [RFC1466]
> documents most of these allocations.
>
> Address
> Block  Date    Registry - Purpose           Notes or Reference
> -----  ------  ---------------------------  ------------------
> 000/8  Sep 81  IANA - Reserved
> 001/8  Sep 81  IANA - Reserved
> 002/8  Sep 81  IANA - Reserved
> 003/8  May 94  General Electric Company
> ...
> 122/8  Sep 81  IANA - Reserved
> 123/8  Sep 81  IANA - Reserved
> 124/8  Sep 81  IANA - Reserved
> 125/8  Sep 81  IANA - Reserved
> 126/8  Sep 81  IANA - Reserved
> 127/8  Sep 81  IANA - Reserved              See [RFC3330]
> <end clip>
>
> The 123 address space is clearly a reserved Class A Address.
>
> Are you using NAT? I sincerely hope so. But if so, then why not use one
> of the private address spaces? If not, you're lucky you're getting any
> traffic back at all.
>
> > Now the problem is that all computers on the network can browse the
> > internet and do various chores like telnet and ssh with no problem,
> > except for the web server. I can ssh, telnet etc. to other computers
> > on the internal network from the web server but not to the outside
> > world.
>
> For the rest of your network, see above.
>
> For your web server, the question of NAT applies but is compounded by
> issues regarding the way your ISP is forwarding the web traffic in their
> router.
>
> > I have no firewall running, and just to be sure I've flushed the
> > iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> > I've also talked to the isp (it's their router) and they claim that
> > if all the other computers can get web access then so should the
> > webserver.
>
> Now, I have seen cases where ISPs will limit outgoing connections from
> known, world accessible servers connected to their network, over which
> they have no direct security control. But in this case, I have a gut
> feeling that another 123.123.123.240 exists somewhere out there (someone
> else using a reserved address) and some of your traffic is just getting
> lost. The general purpose router protocols are supposed to keep this
> sort of thing from happening, but when unassigned addresses are added
> into the mix, unpredictable things can start popping up (or dropping out
> as the case may be.)
>
> Eric Diamond
> eDiamond Networking & Security
> 303-246-9555
> eric@xxxxxxxxxxxx
>

--
Rotariu Bogdan <bogdan@xxxxxxxxxx>
Alterox Sistem