Cable Internet (Is a local area network really private)

BigJ816

n00b
Joined
Jun 24, 2014
Messages
6
This morning I was going through my PC firewall log, and came across an ip that was blocked.

The strange thing was that it was a local area network ip, 192.168.200.117 but it wasn't in the range that I had set.

So I went ahead and ran a scan with advanced ip scanner ranging from 192.168.0.0 to 192.168.255.255.

To my surprise I found 243 alive ip addresses on my home network.

http://i1288.photobucket.com/albums/b482/BigJ816/AdvancedIPScanner_zpsa1a2bcf8.jpg

So I decided to run a tracerout to get an idea where on my network these ip addresses were coming from.

The strange thing is the tracerout makes it appear as if the ip belongs to Time Warner.

http://i1288.photobucket.com/albums/b482/BigJ816/TracingRoute_zpsf4a80867.jpg

Now I have a friend that works for Time Warner, and he showed me that he could scan and see all the devices inside my network using his laptop provided by Time Warner.

I had always assumed that Time Warner was able to do this due to the fact that I was using their cable modem. In which the cable modem would report what was on my network.

Now that I see all these Local Area Network addresses I'm not sure what to think.

So I'm wondering if anyone has any thoughts or opinions on this?

Also can anyone else using Time Warner cables Broadband connection see these ip addresses.
 
It's not uncommon for ISPs to have stuff on private IPs, the fact that there's no mac-address shows that its outside your network (and the traceroute/tracert).

You're safe
//Danne
 
As long as you have a Firewall / router that isn't Timewarner, you are okay. Those are outside your perimeter.
 
Poorly configured router/firewall?

It shouldn't be routing private addresses over a wan link. Kind of suprising that TWC isn't dropping the packets once it hits their network.
 
Poorly configured router/firewall?

It shouldn't be routing private addresses over a wan link. Kind of suprising that TWC isn't dropping the packets once it hits their network.

On our Comcast Fiber 'Business Ethernet' DIA circuit the firewall blocks massive numbers of local IP addresses headed to our public NTP pool servers.

I called them out on NANOG and half a dozen engineers talked to me about it for couple weeks or so, starting off with "FU, NO WAY!", fading to "Wow, it's (mostly?) our CableWifi hotspots in your region and all their guests", shortly followed by "we started blocking pubic IPs at all our routers that service you", on to "F$^% IT, I can't figure out how we can fix it and no one cares enough - just keep blocking it". Inspires great confidence.

Hope no one needs accurate time.
 
Your first hop is 192.168.1.146 which is a device on your network with an intel nic.

Isolate that device and remove it. Your problem should go away.
 
Is 192.168.1.146 the VM host of the guest you're running the scanner from?

Your PFSense firewall inside interface and LAN gateway is 192.168.1.1? What's the outside interface, 192.168.100.2?

You must be allowing icmp echo request from outside to inside if your friend can ping your LAN hosts. If that wasn't your intention then you probably want to double-check your firewall rules.
 
Does PfSense allow outside icmp echo by default? Sorry I'm still a n00bie when it comes to networking.

I went ahead and plugged my pc directly into the cable modem then ran a ip scan.

This is what I saw.

http://i1288.photobucket.com/albums/b482/BigJ816/IPScan_zpsb114e0ee.jpg

Then ran a traceroute.

http://i1288.photobucket.com/albums/b482/BigJ816/TraceRout_zps126c41c3.jpg

All in all I'm still not sure how to keep Time Warner aka Road Runner from getting access inside my network.

I'm going to change my ip range too this 10.0.0.0 - 10.255.255.255 I'm hoping with a larger range it will be more difficult to peak inside my network.

Any thoughts or ideas would be appreciated, thanks.
 
You realise there's a difference between out of your network and into your network? Don't you filter inwards?
 
You realise there's a difference between out of your network and into your network? Don't you filter inwards?

I believe he was checked at the ISP router, which may not be filtering on that.

In any case this is why I have always had my own router and firewall behind the ISP modem/router. That way I can control the traffic coming in or out of my network as well as the visibility.
 
I'm going to change my ip range too this 10.0.0.0 - 10.255.255.255 I'm hoping with a larger range it will be more difficult to peak inside my network.

We already know your ISP routes private 192.168.0.0 /16 addresses within its network. With that knowledge don't assume they're not doing the same with 10.0.0.0 /8 without checking/scanning. Also, you want your own network smaller otherwise your firewalls rules might inadvertently allow more access than you had intended if IPs within your network range exist outside your firewall. Your home network should ideally be /24 or smaller like /28 considering the number of hosts in use.
 
First of all, I would stop worrying about any IP's outside of your local ip range (192.168.1.*). 192.168.200.* are NOT your home network (unless your subnet is NOT 255.255.255.0?) . That is something in your ISP's network, most likely, and like someone else mentioned, it's actually strange that they're even routing those ip's, but it shouldn't really affect anything regardless.

The fact that your router shows logs saying it blocked addresses from 192.168.200.* is good, it means your firewall is doing its job, since 192.168.200.* is, once again, NOT inside your network.

I would check with your friend at your ISP, the one that said he can see your network. Get him to give you a list of IP's and port's if he's connecting via TCP/UDP, or if he's using ICMP packets somehow, that he can connect to.

Honestly, I don't really know how he would be able to see anything inside your network, so I'm kind of curious.

edit: I want to reiterate that I'm assuming your network is 192.168.1.0 (subnet 255.255.255.0). I feel pretty certain of this, however you should double check in your pfsense settings that this is the case.
 
Last edited:
He shouldn't be able to see anything inside of your network. Your cable modem only gives out 1 ip. Everything behind that should be hidden even to some one at TWC. If you were using a TWC provided router then yes they can see everything connected to it. If he can connect to your private ip and log in then you have done something wrong on how your network is setup.
 
Back
Top