portland independent media center  
images audio video
newswire article commentary global

corporate dominance | education | government

None internet networks sneaking into the Web caught red handed

It really seems as though those who wish can sneak on the internet from none network IP addresses such as "10.32.32.30 or 10.32.323.40" and attempting to gain access to anyone's computer. Well, guess what folks, I caught two trying to do just that from a none internet network.
10.32.32.30.gif
10.32.32.30.gif
Both IP's are from " Internet Assigned Numbers Authority" who state when you call their number that IP's from them are none internet addresses that aren't suppose to show up on the net or anyones firewall log. Well guess what folks, these people are liars' because I caught two of them attempting to gain access to my computer through port # 8080. Below is the Whois od both ip's. Read the info that states these ip's don't go on the internet. Proof is in the pudding as they say! [whois.arin.net] OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US NetRange: 10.0.0.0 - 10.255.255.255 CIDR: 10.0.0.0/8 NetName: RESERVED-10 NetHandle: NET-10-0-0-0-1 Parent: NetType: IANA Special Use NameServer: BLACKHOLE-1.IANA.ORG NameServer: BLACKHOLE-2.IANA.ORG Comment: This block is reserved for special purposes. Comment: Please see RFC 1918 for additional information. Comment: RegDate: Updated: 2002-09-12 OrgAbuseHandle: IANA-IP-ARIN OrgAbuseName: Internet Corporation for Assigned Names and Number OrgAbusePhone: +1-310-301-5820 OrgAbuseEmail: abuse@iana.org OrgTechHandle: IANA-IP-ARIN OrgTechName: Internet Corporation for Assigned Names and Number OrgTechPhone: +1-310-301-5820 OrgTechEmail: abuse@iana.org # ARIN WHOIS database, last updated 2003-11-22 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. ? Whois complete 11/23/03 03:34:06 PM ? Start: 11/23/03 03:35:21 PM Whois user[@]: 10.32.32.30 [whois.arin.net] OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US NetRange: 10.0.0.0 - 10.255.255.255 CIDR: 10.0.0.0/8 NetName: RESERVED-10 NetHandle: NET-10-0-0-0-1 Parent: NetType: IANA Special Use NameServer: BLACKHOLE-1.IANA.ORG NameServer: BLACKHOLE-2.IANA.ORG Comment: This block is reserved for special purposes. Comment: Please see RFC 1918 for additional information. Comment: RegDate: Updated: 2002-09-12 OrgAbuseHandle: IANA-IP-ARIN OrgAbuseName: Internet Corporation for Assigned Names and Number OrgAbusePhone: +1-310-301-5820 OrgAbuseEmail: abuse@iana.org OrgTechHandle: IANA-IP-ARIN OrgTechName: Internet Corporation for Assigned Names and Number OrgTechPhone: +1-310-301-5820 OrgTechEmail: abuse@iana.org # ARIN WHOIS database, last updated 2003-11-22 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. ? Whois complete 11/23/03 03:35:23 PM ?

more info on these two ip's! 23.Nov.2003 18:16

unknown

This is the second image showing the other ip address that isn't suppose to connect to the internet according to IANA. They are from a private network that isn't suppose to connect to commercial networks we all use but sure enough here they are caught red handed, both of them sneaking into commercial internet services! GOT YA!
10.32.32.40.gif
10.32.32.40.gif

more info on these two ip's! 23.Nov.2003 18:36

unknown

Here the image! I guess it didn't make the first time.
10.32.32.40.gif
10.32.32.40.gif

more info 23.Nov.2003 20:20

unknown

When these people are coming from a private network service like IANA.org they don't pay a thin dime to connect to the commercial based web like we have to. They sneak in and go after someone and if you don't have a firewall running you may well be subject to undo harassment by these people since the ip addresses are not suppose to be shown while they go about their illegal business of attacking personal computers that are connected to the commercial network like us. What a scheme, isn't it folks. We pay for our service but those coming in from anyone of these starting at 10.0.0.0 to 10.255.255.255 (meaning IANA) have the ability to try and sneak in and hide from us while we are connected to the WWW and they don't pay a penny, not one red cent to connect to the commercial based network and attack us paid internet users. We pay and they don't! We pay for commercial services atarting at $9.95 and that goes up word depending on the type of service you signed up for! How convenient, we pay they play for nothing! Call the number and listen to the prerecorded message that made the statement about ip's coming from their private network can not be seen if they go to the web folks. I did, in attempting to reach a live human being but instead heard their message about their private network not being seen. "1-310-301-5820"

Put down the tinfoil... 23.Nov.2003 21:19

goatlove

Maybe I just have no sense of humor, but you sound like a total crank. I'll offer a response anyway, lest others remain in danger of believing this nonsense.

IANA is the organization that controls IP network number assignment and distribution. They are not a "private" network. They're a non-profit organization whom the major backbone providers long-ago agreed would be in charge of allocating IP networks and AS numbers. I don't know for sure that they have to pay for their network access, but they're certainly not stealing it.

Unless an ISP explicitly prohibits packets with a bogus source address from leaving its network, there's nothing to stop anyone with the wherewithal from sending you a packet with whatever source address they like. They can send you packets that make it look like your computer is receiving traffic from anyone in the world, including itself. But that doesn't mean that it's actually a useful IP address, in the general sense, or that they can use it to get free access since the computer that sent the original packet will never receive the response. Try using traceroute to get data back to any of those source addresses and you'll see that it can't be done... it'll get to a certain point and then the routers will either a) drop the packet because it's bogus or b) drop the packet because there's no available route to the destination network.

You do offer one very sound bit of advice which is to use firewall (and anti-virus!) software, as it's your best line of defense against those who may try to use your computer for their own nefarious ends or just to make your day suck.

should I be 23.Nov.2003 21:31

impressed?

So?

There's little point in talking fact with a woowoo, but here goes... 25.Nov.2003 00:14

Harry Flashman

IP addresses in the 10.x.x.x range are used for local networks. In fact, this very computer I'm using right now has a 10.x.x.x address on our LAN, as do all the other networked computers in the building. Our router translates that to a "legit" IP for outgoing packets and routes incoming packets directed to that IP to... you guessed it, the 10.x.x.x local IP of this computer.

Reserving that IP range for local networks avoids problems with duplicating addresses on the public network. By providing a range of addys that aren't used on the public 'net, local networks can use IPs in the 10.x.x.x range willy-nilly with no chance of stepping on someone else's address, provided that addresses aren't duplicated within the local network.

As goatlove pointed out, it's no big trick to "spoof" the originating IP of a packet, although someone who does this is guaranteeing that they won't receive any responses. I suppose that someone who only wants to send packets could want to do this, although I'm not nefarious enough to think of why.

BTW, the vast majority of connections flagged by personal firewall software are actually perfectly normal network communications and not attacks. Check out Gibson Research's page at www.grc.com for more on firewalls and 'net security.