[Wolves] subnetting
Andy Wootton
andy.wootton at wyrley.demon.co.uk
Thu Oct 7 21:27:54 BST 2004
Simon Burke wrote:
>Yep, that's what's stressing me out.
>
>The ip is 81.138.252.208
>the subnet is 255.255.255.248
>
>first useable is 209.
>
>
Simon,
Do you mean that the subnet mask is 255.255.255.248?
i.e. 11111111.11111111.11111111.11111000 in binary, so only the last 3
bits are useable for addresses 208 + (0 to 7).
That should make 81.138.252.208 your network address (last bytes 11010
000). By convention the '+ 1' address is reserved for default routers so
the '+ 2' address, 209, would be the sensible place for a cracker to
start probing for holes in firewall rules.
Could your firewall log be using 208 as shorthand for "an address in our
subnet"? Is all your software patched? Most people only worry about
inbound firewall rules so some exploits use a known vulnerability in
software on your systems to look for holes in the firewall rules for
outbound traffic. Have you got any network monitoring looking for weird
packets on your LAN? Though looking can cause paranoia.
I may be starting to ramble so I'll stop but I find that someone telling
me in a different way what I already know sometimes triggers a useful
thought.
I'm afraid I know more about the dangers than how to fix them. I'm sure
the regulars here can help more with firewalls but the list is quiet
today, probably because of the expo so I thought I'd wade in.
Good luck.
Woo
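
Added example, not part of the original message: a short Python script that applies the mask arithmetic discussed above to the address and mask quoted in the thread, then labels each destination address found in firewall log lines as the network address, a host address, the broadcast address, or outside the subnet. The log lines and their `DST=` field format are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# IP and mask as given in the thread.
SUBNET = ipaddress.ip_network("81.138.252.208/255.255.255.248")

# Constructed sample lines; the log format is an assumption, not from the thread.
SAMPLE_LOG = """\
Oct  7 20:58:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=81.138.252.208 PROTO=TCP DPT=135
Oct  7 20:58:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=81.138.252.209 PROTO=TCP DPT=135
Oct  7 20:58:04 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=81.138.252.215 PROTO=UDP DPT=137
Oct  7 20:58:09 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=81.138.252.216 PROTO=TCP DPT=445
"""

DST_RE = re.compile(r"\bDST=(\d{1,3}(?:\.\d{1,3}){3})\b")

def host_bits(addr_text, net=SUBNET):
    """Return the bits left free by the mask, e.g. '000' for .208 under /29."""
    width = net.max_prefixlen - net.prefixlen
    addr = ipaddress.ip_address(addr_text)
    return format(int(addr) & int(net.hostmask), f"0{width}b")

def classify(addr_text, net=SUBNET):
    """Say what role an address plays relative to the subnet."""
    addr = ipaddress.ip_address(addr_text)
    if addr not in net:
        return "outside subnet"
    if addr == net.network_address:
        return "network address"
    if addr == net.broadcast_address:
        return "broadcast address"
    return "host address"

def summarise(log_text, net=SUBNET):
    """Return [(dst, role)] for every DST= field found in the log text."""
    results = []
    for match in DST_RE.finditer(log_text):
        try:
            results.append((match.group(1), classify(match.group(1), net)))
        except ValueError:  # e.g. an octet above 255
            results.append((match.group(1), "malformed address"))
    return results

if __name__ == "__main__":
    for dst, role in summarise(SAMPLE_LOG):
        print(f"{dst:<16} {role}")
```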