any known users of NetRange 172.16.0.0 - 172.31.255.255
Hello friends, I have this very odd email address found with one of our employees.... <hidden_user@172.17.0.1> A.f.a.i.k. 172.16.0.0 - 172.31.255.255 is: NetRange: 172.16.0.0 - 172.31.255.255 CIDR: 172.16.0.0/12 NetName: IANA-BBLK-RESERVED NetHandle: NET-172-16-0-0-1 Parent: NET-172-0-0-0-0 NetType: IANA Special Use NameServer: BLACKHOLE-1.IANA.ORG NameServer: BLACKHOLE-2.IANA.ORG Comment: This block is reserved for special purposes. Please see RFC 1918 for additional information. RegDate: 1994-03-15 Updated: 2002-09-12 Here's my questions: - Given that 1918 deals with allocation issues for "private Internets", is there a recording entity of this special address space beyond the formal IANA, which details the distribution of data from any "private Internet" once it enters the public Internet vice versa ? - Whom to anyone's knowledge is known to be using (for special projects) or perhaps misusing this 172.17.0.1 ? Greatly appreciate some insight, off list or on list, at your leisure. best to all, Bertil Bertil Fortrie hostmaster@nso.org
at Friday, September 27, 2002 1:42 AM, hostmaster <hostmaster@nso.org> was seen to say:
<hidden_user@172.17.0.1> Its a pretty common "leak" format. what usually happens is this. An internal mail server is running on a network using 1918 addressing, and is addressed by smtp by a user. The user identifies as a bare name (no @ sign) - using "MAIL FROM: hidden_user" and the mailler Reverse DNS looksup the IP address of the client, and appends that dns name (or the ip address if the rdns fails) your best bet is to look for the first recognisable mailserver in the chain, and forward a query to the postmaster of that mailserver - either it is one of his own internal systems doing this, or he is being used as a relay by a spammer. either way, he will probably want to know about it :)
participants (2)
-
David Howe
-
hostmaster