192.168.0.1 on the Internet?

[The_Unbeliever]

U:\>tracert 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.50.246
  2     7 ms     7 ms     7 ms  41-132-28-1.dsl.mweb.co.za [41.132.28.1]
  3     8 ms    11 ms     9 ms  tengig-0-0-0-104.vic-ipc-1.mweb.co.za [196.22.16
9.146]
  4     9 ms     9 ms     9 ms  vl-92.vic-hscore-2.mweb.co.za [196.22.189.3]
  5    17 ms    18 ms    19 ms  tengig-3-2.vic-core-sw2.mweb.co.za [196.22.169.7
0]
  6    16 ms    16 ms    16 ms  196.22.185.38
  7    16 ms    15 ms    16 ms  192.168.0.1

Trace complete.

U:\>

No edits was done.

Screenshot :

What's going on here? :wtf:

 

[syntax]

the only thing i can think of is that its a private segment which has routes for the 192.168.0.0/24 range...
Is there a route on the 192.168.50.246 box for the 192.168.0.0/24 range?

 

[The_Unbeliever]

the only thing i can think of is that its a private segment which has routes for the 192.168.0.0/24 range...
Is there a route on the 192.168.50.246 box for the 192.168.0.0/24 range?

No, not at all. No VPN either.

Anybody else with a Mweb account please try and see if you get the same results? Thanks

 

[syntax]

Its a destination NAT then,
Check the NAT table on the perimiter firewall or router
does it nat 192.168.0.1 to a public ip?

 

[The_Unbeliever]

Its a destination NAT then,
Check the NAT table on the perimiter firewall or router
does it nat 192.168.0.1 to a public ip?

Should be removed when rebooting?

How do I check for NAT on linux?

Another interesting thing - if I add 192.168.0.4 to my PC, traceroute does not go out. But, if removed, traceroute do go out.

 

[SirFooK'nG]

I'm on MWEB and do not get the same result as you ... didn't expect to either, 192.168.0.1 is my gateway... strrrange for u ?!?!?

 

[syntax]

Should be removed when rebooting?

How do I check for NAT on linux?

Another interesting thing - if I add 192.168.0.4 to my PC, traceroute does not go out. But, if removed, traceroute do go out.

i think
iptables -L -t nat

The NAT is probably set for permanent. So rebooting the firewall would prob not remove the NAT .
What firewall is it?
if you add 192.168.0.4? whats the subnet then? because the gateway is 192.168.50. 246, if you arent on same subnet it wont go out?
IE whats the subnet for the local lan you are on now?

 

[The_Unbeliever]

Perimeter firewall's password haven't been compromised either.

 

[The_Unbeliever]

i think
iptables -L -t nat

The NAT is probably set for permanent. So rebooting the firewall would prob not remove the NAT .
What firewall is it?
if you add 192.168.0.4? whats the subnet then? because the gateway is 192.168.50. 246, if you arent on same subnet it wont go out?
IE whats the subnet for the local lan you are on now?

Firewall is smoothwall

<info removed>

 

[Mars]

I get the same results, and that is NOT my gateway. My gateway is 192.168.2.1 :wtf:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\>tracert 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  . [192.168.2.1]
  2    27 ms    25 ms    26 ms  41-132-56-1.dsl.mweb.co.za [41.132.56.1]
  3    28 ms    28 ms    36 ms  tengig-0-0-0-100.vic-ipc-2.mweb.co.za [196.22.16
3.206]
  4    28 ms    28 ms    28 ms  vl-92.vic-hscore-1.mweb.co.za [196.22.189.2]
  5    40 ms    38 ms    35 ms  tengig-3-1.vic-core-sw1.mweb.co.za [196.22.169.6
6]
  6    36 ms    36 ms    34 ms  196.22.185.38
  7    35 ms    36 ms    35 ms  192.168.0.1

Trace complete.

C:\>

 

[The_Unbeliever]

Oh, when we try to telnet to 192.168.0.1, we get this :

C
*****************************************************************
*                                                               *
*      MM       MMM  MM    MM    MM  MMMMMMMM  MMMMMMM          *
*      MMM      MMM  MM    MM    MM  MM        MM    MM         *
*      MMM     MMMM  MM   MMMM   MM  MM        MM    MM         *
*      M MM    M MM   MM  MMMM  MM   MM        MM    MM         *
*      M MM   MM MM   MM  M  M  MM   MM        MM   MM          *
*      M  MM  M  MM   MM  M  M  MM   MMMMMMMM  MMMMMMM          *
*      M  MM MM  MM    MMMM  MMMM    MM        MM    MM         *
*      M   MMM   MM    MMM    MMM    MM        MM     MM        *
*      M   MMM   MM    MMM    MMM    MM        MM     MM        *
*      M    M    MM     MM    MM     MM        MM    MM         *
*      M         MM     MM    MM     MMMMMMMM  MMMMMMM          *
*                                                               *
*                     IMPORTANT NOTICE                          *
*                                                               *
* You may only access, log onto or use this system if MWEB      *
*  has authorised you to do so.                                 *
*                                                               *
* By accessing, logging onto or using this system you:          *
*                                                               *
*  represent that you are authorised to do so; and              *
*                                                               *
*  agree to comply with all MWEB's policies and procedures.     *
*                                                               *
* If you access, log onto or use the system, or attempt to do   *
*  so, without authorisation, MWEB may take disciplinary or     *
*  other legal steps against you.                               *
*                                                               *
* If you have any questions, please contact the MWEB Service    *
*  Desk at +27 (0)21 596 8856.                                  *
*                                                               *
*****************************************************************


User Access Verification

Username:

 

[The_Unbeliever]

I get the same results, and that is NOT my gateway. My gateway is 192.168.2.1 :wtf:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\>tracert 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  . [192.168.2.1]
  2    27 ms    25 ms    26 ms  41-132-56-1.dsl.mweb.co.za [41.132.56.1]
  3    28 ms    28 ms    36 ms  tengig-0-0-0-100.vic-ipc-2.mweb.co.za [196.22.16
3.206]
  4    28 ms    28 ms    28 ms  vl-92.vic-hscore-1.mweb.co.za [196.22.189.2]
  5    40 ms    38 ms    35 ms  tengig-3-1.vic-core-sw1.mweb.co.za [196.22.169.6
6]
  6    36 ms    36 ms    34 ms  196.22.185.38
  7    35 ms    36 ms    35 ms  192.168.0.1

Trace complete.

C:\>

Thank you dear sir. Now I can relax a bit as it's not my network...

 

[syntax]

It must be a destination NAT, i just dont see how they are applying it..

 

[The_Unbeliever]

phoned mweb - helldesk guy is like so he'll get damager to call back

 

[The_Unbeliever]

Issue was resolved.

 

[syntax]

Issue was resolved.

did they tell u what it was?

 

[The_Unbeliever]

Nobody knows.

Will bother the mweb rep.

 

[rebel998]

Got this mail this morning.

Could there be a relation?

Dear MWEB Customer
You may have heard or read in the media that an MWEB system was "hacked" and some user account information was compromised in the process. The system in question is a web interface provided by Internet Solutions, that is used to provision and manage a small group of customers on their ADSL network. This vulnerability has subsequently been secured.

Please note that there are less than a thousand customers who are potentially affected by this and if you are one of the affected users we will be contacting you to assist with the reset of your ADSL password, as an added security measure. Also note that most of our Business ADSL customers have already been moved over to our own ADSL IPC network during the course of the last few months.

Even though this was a low-risk event please be assured that we take the security of our networks and systems very seriously. If you have any further concerns or questions about this incident please feel free to contact us.

Kind regards
MWEB Operations