I thought 10.x.x.x IPs weren't routable!
My firewall picked up incoming packets from a 10.x.x.x IP.
I trace routed it out of my subnet, past my ISP.
How is this possible?
I thought 10. IPs are private and cannot be routed.
Comments
-
wildfire Member Posts: 654
10.0.0.0 /4 IPs are not routed on the internet as they are private IPs; however, the person sending the incoming packet could be sat on a private network connected to the internet via NAT (Network Address Translation), where the packet is converted from a private to a public IP.
Looking for CCIE lab study partners, in the UK or Online.
-
w^rl0rd Member Posts: 329
But through NAT it should display the one single public ISP-assigned IP being used by that subnet, right?
I thought that all of the 10. IPs behind the router should appear as one single public IP.
-
Webmaster Admin Posts: 10,292 Admin
Indeed, the whole idea of a private address range is that they do not appear on the public internet. You might be a target of a, probably random, attack from someone who is spoofing an IP address trying to make your router accept it as valid traffic because it seems to originate from the private LAN.
-
w^rl0rd Member Posts: 329
That is exactly what I suspected.
There must be some tools I can use to find out where the packet originated from.
Perhaps a sniffer?
-- I sense that this is now beyond the realm of N+. Sorry.
-
Webmaster Admin Posts: 10,292 Admin
That's going to be very hard since the packets originate from a fake IP address which logically can't be traced to its source... unless you have access to all the routers between your firewall and the 'attacker'.
-
w^rl0rd Member Posts: 329
One more question...
Is it possible for the hop after my router/default gateway to be in the 10.x.x.x range?
A trace route from my machine shows one.
-
Webmaster Admin Posts: 10,292 Admin
I guess you could be connected through a private network at your ISP (since the 10.x.x.x cannot be on the public internet), but that would not be a typical internet connection... what is your gateway's IP?
-
w^rl0rd Member Posts: 329
10.138.74.1/29
The next hop is 10.162.40.1.
Don't DSL routers function like normal routers?
I shouldn't even be seeing that.
-
Webmaster Admin Posts: 10,292 Admin
Ah OK, you are indeed part of a private network of your ISP which is in turn connected to the Internet. Meaning the translation and routing to the public network occurs at the far side of the ISP.
-
w^rl0rd Member Posts: 329
So I'm not alone on my network?
I thought that these IPs weren't routable though.
I am behind a DSL "router."
-
Webmaster Admin Posts: 10,292 Admin
Surely private address ranges are routable, they usually are. Consider a company with multiple locations, they would use a different private subnet/network for each location for example. Routers will be used to connect them to form a WAN/internetwork.
-
wildfire Member Posts: 654
It is common practice for you to be assigned a private IP; after all, there aren't enough IPs for everyone connected to the net to have their own. Your connection to your ISP will be a private network which will connect to a gateway where your private IP will become public and go onto the BGP backbone (Routed protocol).
So your IP will indeed be routed around your ISP's network. Private addresses are routable everywhere except the internet backbone.
So there could be 20 routes all connected to each other belonging to your ISP but only a handful would actually connect on to the internet.
Run a traceroute (tracert) to a known IP or name such as techexams.net.
For more info on private IPs: http://www.faqs.org/rfcs/rfc1918.html
Looking for CCIE lab study partners, in the UK or Online.
-
w^rl0rd Member Posts: 329
Webmaster wrote:
Surely private address ranges are routable, they usually are. Consider a company with multiple locations, they would use a different private subnet/network for each location for example. Routers will be used to connect them to form a WAN/internetwork.

I guess I should clarify what I mean by "routable."
I know the packets are routed, but once a node passes a router, it should no longer be a private IP. It should be translated at that point.
-
wildfire Member Posts: 654
know the packets are routed, but once a node passes a router, it should no longer be a private IP. It should be translated at that point

Only once it actually goes onto the internet backbone (BGPv4). I use 10.0 for my home lab, which has 6 routers. They are only known as private because it was agreed to allow people to use these at home etc. It's only once it goes through NAT that it will become a public address. Hope this makes sense.
Looking for CCIE lab study partners, in the UK or Online.
-
w^rl0rd Member Posts: 329
I think I know where I was confused;
I always looked at routers as devices used to separate private networks from the public internet.
In retrospect, I remember that they separate subnets, which explains why a 10. IP can exist beyond my router.
Case in point: Private IPs like 10.x.x.x can exist until they get to the router that touches the internet.
-
2lazybutsmart Member Posts: 1,119
Explains why two users have the same IP addresses when posting on forums. (There was this war in another site, but that's history.)
I'm using NAT to access the internet at this moment. My computer is on a private IP address 192.168.30.0.
Your ISP is probably overloading hundreds of users (of which you're one) onto that single public IP address.
Exquisite as a lily, illustrious as a full moon,
Magnanimous as the ocean, persistent as time.
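
Added example, not part of the original thread: a small triage script for the situation discussed above, bucketing firewall-logged source addresses by whether they sit on the poster's own ISP link (10.138.74.1/29, from the thread), elsewhere in RFC 1918 space (ISP-internal like the 10.162.40.1 hop, or spoofed), or outside it. The log format, sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges (the RFC linked in the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# From the thread: the poster's gateway is 10.138.74.1/29.
WAN_LINK = ipaddress.ip_interface("10.138.74.1/29").network

# Constructed sample log lines in a made-up format (assumption, not real data).
SAMPLE_LOG = """\
Jan 10 03:12:01 fw DROP IN=wan SRC=10.138.74.3 DST=10.138.74.2 PROTO=TCP DPT=445
Jan 10 03:12:07 fw DROP IN=wan SRC=10.162.40.1 DST=10.138.74.2 PROTO=ICMP
Jan 10 03:13:44 fw DROP IN=wan SRC=192.168.1.50 DST=10.138.74.2 PROTO=UDP DPT=137
Jan 10 03:15:20 fw DROP IN=wan SRC=198.51.100.23 DST=10.138.74.2 PROTO=TCP DPT=22
Jan 10 03:15:21 fw DROP IN=wan SRC=not-an-ip DST=10.138.74.2 PROTO=TCP DPT=22
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def classify(src):
    """Bucket a logged source address by where it could legitimately come from."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"
    if addr in WAN_LINK:
        return "on-link"  # neighbour on the same ISP subnet
    if any(addr in net for net in RFC1918):
        # Either ISP-internal (like the 10.162.40.1 hop) or spoofed;
        # the address alone cannot tell the two apart.
        return "private-off-link"
    return "not-rfc1918"


def summarize(log_text):
    """Count log entries per bucket; lines without a SRC= field are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    return counts


if __name__ == "__main__":
    for bucket, n in summarize(SAMPLE_LOG).most_common():
        print(f"{bucket:18} {n}")
```

Entries in the private-off-link bucket are the ones worth comparing against the hops a traceroute shows inside the ISP, since a private source that matches no known ISP hop is the spoofing case raised earlier in the thread.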