Results 1 to 4 of 4
  1. #1
    Untanglit
    Join Date
    Aug 2008
    Posts
    24

    Default SOCKS v5 - server has private IP not on my LAN

    This is probably an elementary networking question rather than a UT question.

    For educational purposes I have my bridging-mode UT box logging all protocols. Topology is

    10.0.0.0_LAN-----UT_box--------Firewall/Router---------Internet

    In the Protocol Control event log, I'm seeing a machine of mine at 10.0.0.34:1026 using the SOCKS Version 5 protocol to connect to several machines in the 172.16.4x.xx private address range on port 161.

    Since I understand these to be non-routable addresses, I don't understand how a connection is possible.

    Thanks!

    Frank

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    is it udp or tcp?

    nothing prevents one from sending UDP packets to 172.16.x.x addresses. you're router will route them to the internet just like normal packets (but your ISP will probably drop them). These packets could set off the protocol control signature.

    i think port 161 is for SNMP, so its likely a false positive on some data in an SNMP udp packet.
    If so, why those hosts are sending SNMP to a 172.16.x.x address is probably worth investigating.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    Default

    Hamachi... also some p2p clients can present this way. I don't pretend to know how it is supposed to work since your ISP provided gateway will take one look at it and drop the packet with a null route.

    Alternately you might have a printer or some other network attached device with a default configuration for SNMP on it doing this.

    One thing is certain, UT is great at finding strange things on networks!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untanglit
    Join Date
    Aug 2008
    Posts
    24

    Default

    How would I persuade UT to tell me whether this is UDP or TCP?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2