andy.wootton at wyrley.demon.co.uk
Thu Oct 7 21:27:54 BST 2004
Simon Burke wrote:
>Yep, that's what's stressing me out.
>The IP is 18.104.22.168
>the subnet is 255.255.255.248
>first useable is 209.
Do you mean that the subnet mask is 255.255.255.248?
i.e. 11111111.11111111.11111111.11111000 in binary, so only the last 3
bits are useable for addresses 208 + (0 to 7).
That should make 22.214.171.124 your network address (last bytes 11010
000). By convention the '+ 1' address is reserved for default routers so
the '+ 2' address, 209 would be the sensible place for a cracker to
start probing for holes in firewall rules.
Could your firewall log be using 208 as shorthand for "an address in our
subnet"? Is all your software patched? Most people only worry about
inbound firewall rules so some exploits use a known vulnerability in
software on your systems to look for holes in the firewall rules for
outbound traffic. Have you got any network monitoring looking for weird
packets on your LAN (though looking can cause paranoia)?
I may be starting to ramble so I'll stop but I find that someone telling
me in a different way what I already know sometimes triggers a useful
I'm afraid I know more about the dangers than how to fix them. I'm sure
the regulars here can help more with firewalls but the list is quiet
today, probably because of the expo, so I thought I'd wade in.
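
The mask arithmetic worked through in the message above, as an added example that is not part of the original post: it derives the subnet by bit-masking and then labels the destination of each firewall log line as network address, host, broadcast or outside. Only the mask 255.255.255.248 and the last octets 208/209 come from the thread; the 192.0.2.x and 203.0.113.x addresses, the log format and all function names are constructed for illustration.

```python
import ipaddress
import re

DST_RE = re.compile(r"\bDST=(\d+\.\d+\.\d+\.\d+)")  # assumed iptables-style field

def describe_subnet(host, mask):
    """Derive the subnet from any address in it plus the dotted mask."""
    h = int(ipaddress.IPv4Address(host))
    m = int(ipaddress.IPv4Address(mask))
    inv = m ^ 0xFFFFFFFF                  # host bits: 0b111 for 255.255.255.248
    if inv & (inv + 1):                   # a valid mask is 1s followed by 0s
        raise ValueError(f"non-contiguous mask: {mask}")
    net, bcast = h & m, (h & m) | inv
    reserved = 1 if inv > 1 else 0        # /31 and /32 reserve nothing
    return {
        "prefix_len": bin(m).count("1"),
        "network": ipaddress.IPv4Address(net),
        "broadcast": ipaddress.IPv4Address(bcast),
        "first_usable": ipaddress.IPv4Address(net + reserved),
        "last_usable": ipaddress.IPv4Address(bcast - reserved),
    }

def classify(addr, subnet):
    """Say what role an address plays relative to the subnet."""
    a = ipaddress.IPv4Address(addr)
    if not subnet["network"] <= a <= subnet["broadcast"]:
        return "outside-subnet"
    if a < subnet["first_usable"]:
        return "network-address"
    if a > subnet["last_usable"]:
        return "broadcast-address"
    return "host"

# Constructed sample log lines; not taken from the thread.
SAMPLE_LOG = [
    "DROP SRC=203.0.113.7 DST=192.0.2.208 PROTO=TCP DPT=445",
    "DROP SRC=203.0.113.7 DST=192.0.2.209 PROTO=TCP DPT=22",
    "DROP SRC=203.0.113.7 DST=192.0.2.215 PROTO=UDP DPT=137",
    "DROP SRC=203.0.113.7 DST=192.0.2.216 PROTO=TCP DPT=80",
]

def review_log(lines, subnet):
    """Return (destination, role) for every DST= field found in the log."""
    dsts = [d for line in lines for d in DST_RE.findall(line)]
    return [(d, classify(d, subnet)) for d in dsts]

if __name__ == "__main__":
    print(review_log(SAMPLE_LOG, describe_subnet("192.0.2.209", "255.255.255.248")))
```

Log entries whose destination classifies as network-address or broadcast-address were not aimed at a single configured host, which is worth knowing before reading them as a targeted probe.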