
Sunday 2 October 2016

Packets from Erewhon

When I look at my firewall logs, I see a whole bunch of attempted accesses that I can't explain. They look like this:

Deny udp src dmz:10.149.14.189/59170 dst inside:192.168.1.111/57378 by access-group "inside_access_out"
Deny tcp src dmz:10.149.17.12/23 dst inside:192.168.1.10/47551 by access-group "inside_access_out"
Deny tcp src dmz:10.149.17.201/25 dst inside:192.168.1.18/16141 by access-group "inside_access_out"

I'll explain - udp and tcp are the two main kinds of packet that float around the internet.
"dmz" is a region of my network that I allow limited access to from outside; "inside" is a region of my network that doesn't allow any access from outside. All my "dmz" addresses start with 10, and all my "inside" addresses start with 192.168.

IP addresses starting with 10 or with 192.168 are non-routable private addresses. Packets with such a source or destination address shouldn't even be able to reach my firewall from the outside.

And yet the PIX firewall is reporting that packets originating in my dmz (from IP addresses that have no computers on them) are trying to get to IP addresses in the "inside" region, again to IP addresses that have no computers on them.

So packets originating from Erewhon are trying to get to Nowhere, and are being blocked. I'm not worried by this, but I wish I knew how this was happening.
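As an added example (not part of the original post), here is a small Python script that parses these PIX-style deny lines and picks out exactly the flows the post describes: private-to-private packets where neither address belongs to a known machine. The host inventory and the one non-Deny log line are constructed assumptions; the three Deny lines are the ones quoted above.

```python
import ipaddress
import re

# Pattern for the PIX-style "Deny" lines quoted in the post.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<szone>\w+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dzone>\w+):(?P<dip>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)
# RFC 1918 private ranges: the "non-routable" addresses the post talks about.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def parse_deny(line):
    """Return the fields of a Deny line as a dict, or None if the line doesn't match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def phantom_flows(lines, known_hosts):
    """Denies where both ends are private and neither address is a known host.
    known_hosts is the (assumed) inventory of addresses that really have machines.
    'reply_shaped' is True when the source port is a well-known service port and the
    destination port is ephemeral, i.e. the packet is shaped like a server's answer."""
    out = []
    for line in lines:
        rec = parse_deny(line)
        if rec is None or not (is_private(rec["sip"]) and is_private(rec["dip"])):
            continue
        if rec["sip"] in known_hosts or rec["dip"] in known_hosts:
            continue
        rec["reply_shaped"] = rec["sport"] < 1024 <= rec["dport"]
        out.append(rec)
    return out

# Constructed sample: the three lines from the post plus one unrelated, non-Deny line.
SAMPLE_LOG = [
    'Deny udp src dmz:10.149.14.189/59170 dst inside:192.168.1.111/57378 by access-group "inside_access_out"',
    'Deny tcp src dmz:10.149.17.12/23 dst inside:192.168.1.10/47551 by access-group "inside_access_out"',
    'Deny tcp src dmz:10.149.17.201/25 dst inside:192.168.1.18/16141 by access-group "inside_access_out"',
    'Built outbound TCP connection 1 for outside:203.0.113.5/443',  # constructed filler line
]
KNOWN_HOSTS = {"10.149.14.1", "192.168.1.2"}  # constructed placeholder inventory
```

Running `phantom_flows(SAMPLE_LOG, KNOWN_HOSTS)` returns all three quoted denies; the two tcp ones are flagged reply-shaped because their source ports are 23 and 25.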
