I thought 10.x.x.x IPs weren't routable!

w^rl0rd Member Posts: 329

My firewall picked up incoming packets from a 10.x.x.x IP.
I trace routed it out of my subnet, past my ISP.

How is this possible?

I thought 10. IPs are private and cannot be routed.

Comments

  • wildfire Member Posts: 654
    10.0.0.0 /4 IPs are not routed on the internet as they are private IPs; however, the person sending the incoming packet could be sat on a private network connected to the internet via NAT (Network Address Translation), where the packet is converted from a private to a public IP.
    Looking for CCIE lab study partners, in the UK or Online.
  • w^rl0rd Member Posts: 329
    But through NAT it should display the one single public ISP-assigned IP being used by that subnet, right?

    I thought that all of the 10. IPs behind the router should appear as one single public IP.
  • Webmaster Admin Posts: 10,292
    Indeed, the whole idea of a private address range is that they do not appear on the public internet. You might be a target of a, probably random, attack from someone who is spoofing an IP address trying to make your router accept it as valid traffic because it seems to originate from the private LAN.
  • w^rl0rd Member Posts: 329
    That is exactly what I suspected.

    There must be some tools I can use to find out where the packet originated from.

    Perhaps a sniffer?

    -- I sense that this is now beyond the realm of N+. Sorry.
  • Webmaster Admin Posts: 10,292
    That's going to be very hard since the packets originate from a fake IP address which logically can't be traced to its source... unless you have access to all the routers between your firewall and the 'attacker'.
  • w^rl0rd Member Posts: 329
    One more question...

    Is it possible for the hop after my router/default gateway to be in the 10.x.x.x range?

    A trace route from my machine shows one.
  • Webmaster Admin Posts: 10,292
    I guess you could be connected thru a private network at your ISP (since the 10.x.x.x cannot be on the public internet), but that would not be a typical internet connection... what is your gateway's IP?
  • w^rl0rd Member Posts: 329
    10.138.74.1/29

    The next hop is 10.162.40.1.

    Don't DSL routers function like normal routers?
    I shouldn't even be seeing that.
  • Webmaster Admin Posts: 10,292
    Ah OK, you are indeed part of a private network of your ISP which is in turn connected to the Internet. Meaning the translation and routing to the public network occurs at the far side of the ISP.
  • w^rl0rd Member Posts: 329
    So I'm not alone on my network?
    I thought that these IPs weren't routable though.
    I am behind a DSL "router."
  • Webmaster Admin Posts: 10,292
    Surely private address ranges are routable, they usually are. Consider a company with multiple locations, they would use a different private subnet/network for each location for example. Routers will be used to connect them to form a WAN/internetwork.
  • wildfire Member Posts: 654
    It is common practice for you to be assigned a private IP; after all, there aren't enough IPs for everyone connected to the net to have their own. Your connection to your ISP will be a private network which will connect to a gateway where your private IP will become public and go onto the BGP backbone (Routed protocol).

    So your IP will indeed be routed around your ISP's network. Private addresses are routable everywhere except the internet backbone.

    So there could be 20 routes all connected to each other belonging to your ISP, but only a handful would actually connect on to the internet.

    Run a traceroute (tracert) to a known IP or name such as techexams.net.

    For more info on private IPs: http://www.faqs.org/rfcs/rfc1918.html
    Looking for CCIE lab study partners, in the UK or Online.
  • w^rl0rd Member Posts: 329
    Webmaster wrote:
    Surely private address ranges are routable, they usually are. Consider a company with multiple locations, they would use a different private subnet/network for each location for example. Routers will be used to connect them to form a WAN/internetwork.

    I guess I should clarify what I mean by "routable."
    I know the packets are routed, but once a node passes a router, it should no longer be a private IP. It should be translated at that point.
  • wildfire Member Posts: 654
    know the packets are routed, but once a node passes a router, it should no longer be a private IP. It should be translated at that point

    Only once it actually goes onto the internet backbone (BGPv4). I use 10.0 for my home lab, which has 6 routers. They are only known as private because it was agreed to allow people to use these at home etc. It's only once it goes through NAT that it will become a public address. Hope this makes sense.
    Looking for CCIE lab study partners, in the UK or Online.
  • w^rl0rd Member Posts: 329
    I think I know where I was confused:

    I always looked at routers as devices used to separate private networks from the public internet.

    In retrospect, I remember that they separate subnets, which explains why a 10. IP can exist beyond my router.

    Case in point: Private IPs like 10.x.x.x can exist until they get to the router that touches the internet.
  • 2lazybutsmart Member Posts: 1,119
    Explains why two users have the same IP addresses when posting on forums. (There was this war in another site, but that's history.)

    I'm using NAT to access the internet at this moment. My computer is on a private IP address 192.168.30.0.

    Your ISP is probably overloading hundreds of users (of which you're one) onto that single public IP address.
    Exquisite as a lily, illustrious as a full moon,
    Magnanimous as the ocean, persistent as time.
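
The triage this thread works through by hand, as an added example that is not part of any post: label each source address logged on the WAN interface as on-link, private but off-link (routed inside the ISP, as the thread concluded, or spoofed), or public. The iptables-style log format, the `eth0`/`eth1` interface names and all sample lines are assumptions constructed for illustration; the /29 is the gateway address quoted in the thread.

```python
import ipaddress
import re

# RFC 1918 private ranges; 10.0.0.0/8 is the one discussed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the firewall's WAN interface sits in the /29 quoted above.
WAN_SUBNET = ipaddress.ip_interface("10.138.74.1/29").network
LOG_RE = re.compile(r"\bIN=(?P<iface>\S*).*?\bSRC=(?P<src>\S+)")

# Constructed sample lines in iptables LOG style (not taken from the thread).
SAMPLE = [
    "DROP IN=eth0 OUT= SRC=10.138.74.1 DST=10.138.74.2 PROTO=UDP",
    "DROP IN=eth0 OUT= SRC=10.162.40.1 DST=10.138.74.2 PROTO=ICMP",
    "DROP IN=eth0 OUT= SRC=10.9.8.7 DST=10.138.74.2 PROTO=TCP DPT=445",
    "DROP IN=eth0 OUT= SRC=10.9.8.7 DST=10.138.74.2 PROTO=TCP DPT=139",
    "DROP IN=eth0 OUT= SRC=198.51.100.20 DST=10.138.74.2 PROTO=TCP",
    "DROP IN=eth0 OUT= SRC=10.999.1.1 DST=10.138.74.2 PROTO=TCP",
    "ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.20 PROTO=TCP",
]

def classify(src, wan_subnet=WAN_SUBNET):
    """Label one source address seen arriving on the WAN interface."""
    addr = ipaddress.ip_address(src)
    if addr in wan_subnet:
        return "on-link"           # neighbour on the ISP access segment
    if any(addr in net for net in RFC1918):
        return "private-off-link"  # routed inside the ISP, or spoofed
    return "public"

def summarize(lines, wan_iface="eth0"):
    """Count WAN-side packets per (label, source); other interfaces skipped."""
    counts = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("iface") != wan_iface:
            continue
        try:
            label = classify(m.group("src"))
        except ValueError:         # malformed address in the log line
            label = "unparseable"
        key = (label, m.group("src"))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (label, src), n in sorted(summarize(SAMPLE).items()):
        print(f"{label:17} {src:15} x{n}")
```

A "private-off-link" source that also appears as a hop in your own traceroute is most likely ISP infrastructure; one that never appears on the path is the candidate for the spoofing case raised earlier in the thread.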