RFC1918 Addresses Showing up in Firewall Logs on WAN

  • Is it possible that something on my end is causing this?  I do not use the 10.x addresses internally.  These started showing up a few weeks ago.  Please see attachment.

    When I ping the address Verizon says it is unreachable.  Is this something I should be worried about?

    PING ( from xx.xxx.xxx.xxx: 56 data bytes
    76 bytes from G0-13-2-0.LSANCA-LCR-22.verizon-gni.net ( Destination Net Unreachable
    Vr HL TOS  Len  ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 0054 61e7  0 0000  3f  01 d87f

    –- ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss

    2.2.3-DEVELOPMENT  (amd64)
    built on Sun Jun 21 16:02:12 CDT 2015

    FreeBSD 10.1-RELEASE-p13

  • Your ISP shouldn't let you get there. It's certainly a bit odd, but I doubt it's anything to be concerned with. It looks like a reply from a HTTPS server to a connection you initiated, but somehow the reply got sourced from a private IP, and made it across the Internet back to you. If we were in an ideal world that shouldn't be possible, but a lot of ISPs don't filter that traffic ingress (or egress at times).

    What likely happened is you connected to some HTTPS site whose network was broken in such a way that some server routed replies back without NAT happening to translate it back to the public IP you actually connected to in the first place.

    If it continues, it's worth investigating what's happening. If not, don't worry about it.

Log in to reply