Mystery Subnet Found

Posted: Thu Jan 03, 2013 8:19 pm
by ohnjay
My network at home has two subnets, 192.168.1.0/24 and 192.168.9.0/24.
I was running some tests when I discovered an IP on a third subnet as shown in the following nmap output:

Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-03 16:13 EST
Nmap scan report for 192.168.55.1
Host is up (0.017s latency).
Not shown: 932 closed ports, 65 filtered ports
PORT     STATE SERVICE
1723/tcp open  pptp
1863/tcp open  msnp
5190/tcp open  aol

I progressively unplugged cables, but it wasn't until I disconnected the ADSL line from the modem that the IP disappeared. It reappeared on reconnecting the ADSL line.
Replacing the modem/router with a different model gave the same results.

I'm mystified as to how a private IP address can appear on the WAN side of a modem.

Any suggestions?

Re: Mystery Subnet Found

Posted: Tue Jan 07, 2014 12:09 pm
by maestro
It's possibly an Exetel server. From memory, they have used some of the private IP space for servers (these servers would not be accessible from the wider internet, but could be accessible for customers). It is unlikely to be another customer as Exetel's internal routing tables should prevent you from seeing them.

Personally, I drop all packets to/from 192.168.0.0/16 on my incoming connection, so I would never see this.
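
One way to express the filter described in the post above, as an added example that is not part of the original thread or the poster's own configuration. It assumes a Linux router running nftables with a WAN-facing interface named "ppp0"; the table and chain names are hypothetical. The rules are scoped to the WAN interface so that LAN subnets inside 192.168.0.0/16 keep working on the inside interfaces.

```nftables
# Added example. Assumptions: Linux router using nftables, WAN interface
# is "ppp0" (substitute your own). Table and chain names are illustrative.
# Load with: nft -f <this file>
table inet wan_rfc1918 {
    # Traffic addressed to the router itself.
    chain wan_input {
        type filter hook input priority -10; policy accept;
        # A 192.168.x.x source arriving from the ISP side is not one of
        # our LAN hosts, so drop it before the main ruleset sees it.
        iifname "ppp0" ip saddr 192.168.0.0/16 counter drop
    }

    # Traffic routed between LAN and WAN.
    chain wan_forward {
        type filter hook forward priority -10; policy accept;
        # Inbound: private-source packets coming in from the WAN.
        iifname "ppp0" ip saddr 192.168.0.0/16 counter drop
        # Outbound: LAN hosts trying to reach 192.168.x.x addresses that
        # are not on a local interface and would leave via the WAN.
        oifname "ppp0" ip daddr 192.168.0.0/16 counter drop
    }

    # Traffic originated by the router itself.
    chain wan_output {
        type filter hook output priority -10; policy accept;
        oifname "ppp0" ip daddr 192.168.0.0/16 counter drop
    }
}
```

The `counter` statements let `nft list table inet wan_rfc1918` show how many packets each rule has dropped, which indicates whether anything on the WAN side is actually using that address space.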

Re: Mystery Subnet Found

Posted: Tue Jan 07, 2014 4:31 pm
by Dazzled
A few more nmap args reveal lots more. Try also sudo traceroute -T -p 1723 192.168.55.1 from your LAN