[Wolves] subnetting

Andy Wootton andy.wootton at wyrley.demon.co.uk
Thu Oct 7 21:27:54 BST 2004


Simon Burke wrote:

>Yep, thats whats stressing me out. 
>
>The ip is 81.138.252.208 
>the the subnet is 255.255.255.248
>
>first useable is 209.
>  
>
Simon,

Do you mean that the subnet mask is 255.255.255.248 ?
i.e. 11111111.11111111.11111111.11111000 in binary, so only the last 3 
bits are useable for addresses 208 + (0 to 7)

That should make 81.138.252.208 your network address (last bytes 11010 
000). By convention the '+ 1' address is reserved for default routers so 
the '+ 2' address, 209 would be the sensible place for a cracker to 
start probing for holes in firewall rules.

Could your firewall log be using 208 as shorthand for "an address in our 
subnet"? Is all your software patched? Most people only worry about 
inbound firewall rules so some exploits use a known vulnerability in 
software on your systems to look for holes in the firewall rules for 
outbound traffic. Have you got any network monitoring looking for weird 
packets on your LAN, though looking can cause paranoia.

I may be starting to ramble so I'll stop but I find that someone telling 
me in a different way what I already know sometimes triggers a useful  
thought.

I'm afraid I know more about the dangers than how to fix them. I'm sure 
the regulars here can help more with firewalls but the list is quiet 
today, probably because of the expo so I thought I'd wade in.

Good luck.
Woo





More information about the Wolves mailing list