Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


LikesTV

6 posts

Wannabe Geek


#250724 23-May-2019 09:28
Send private message

As I understand it, the IP range 100.64.0.0/10 is restricted for use by Internet Service Providers, within their own networks.

 

Therefore, we should not see any traffic with destination addresses within this space on a private network that connects to a Public IP.

 

Examination of the logs of internal network traffic at a customer shows these destinations occasionally (e.g. one or two firewall logs in four days), mainly from iPhones and Android devices.

 

Should I be suspicious of this traffic?

 

Should I permanently block the 100.64.0.0/10 range in all firewall Policies (from both Trusted and Untrusted BYOD networks)?

 

Thoughts and advice, anyone?

 

 

 

 

 

This is posted in the Vodafone forum as the customer in question is a Vodafone customer, and there may be some VF-specific answers - but this is also a general question for any network.

 

Same site as this previous forum post (possibly related issue)

 

https://www.geekzone.co.nz/forums.asp?forumid=40&topicid=248531


Create new topic
richms
25269 posts

Uber Geek

Trusted
Subscriber

  #2243459 23-May-2019 09:50
Send private message

What about when your ISP provisions CGNAT to its customers and they want to connect to you?





Richard rich.ms

Affiliate link
 
 
 

Affiliate link: Backblaze Unlimited Backup. World’s easiest cloud backup. Get peace of mind knowing your files are backed up securely in the cloud.
chevrolux
4962 posts

Uber Geek
Inactive user


  #2243461 23-May-2019 09:52
Send private message

I didn't think 100.64.0.0/10 was publicly routable, so therefore you shouldn't see any hits from the internet with 100.64 source addresses.


richms
25269 posts

Uber Geek

Trusted
Subscriber

  #2243481 23-May-2019 10:10
Send private message

chevrolux:

 

I didn't think 100.64.0.0/10 was publicly routable, so therefore you shouldn't see any hits from the internet with 100.64 source addresses.

 

 

Internet no, same ISP yes.





Richard rich.ms



LikesTV

6 posts

Wannabe Geek


  #2243576 23-May-2019 10:36
Send private message

Sorry, just for clarification, this is from examining Internal traffic (i.e inside the firewall).

 

 

 

I am seeing traffic from Internal devices seeking to go out to Shared Address Space IPv4 addresses.  I am not monitoring inbound traffic to the firewall from the Internet.

 

The majority of the traffic comes from Phones (roughly 50/50 split between iPhones and Androids) with a couple of dektop computers.

 

In most cases, only one or two logs in four days


richms
25269 posts

Uber Geek

Trusted
Subscriber

  #2243580 23-May-2019 10:45
Send private message

Well if you're not on an ISP that does CGNAT they will go nowhere, and if you are on one that has some customers on it then its not any different to connecting to any other client of the same ISP. Probably some app on their phone trying to open a connection somewhere for a call or something. I cant see any reason to be blocking it.





Richard rich.ms

gaddman
224 posts

Master Geek

Trusted

  #2244040 23-May-2019 17:45
Send private message

In the Vodafone network we use that range as CGNAT for mobiles, so that'll be why you see Android and Apple devices. Odd that you see them at all, but I guess the phone is just trying to connect using its last gateway IP. Inside your firewall it's not going to route anywhere, so if you're taking a blocklist approach I don't see any benefit in adding that range. Equally I don't see any downside in adding it. But Im not a security professional, so take that advice for what it's worth.

gaddman
224 posts

Master Geek

Trusted

  #2244041 23-May-2019 17:50
Send private message

richms:

chevrolux:


I didn't think 100.64.0.0/10 was publicly routable, so therefore you shouldn't see any hits from the internet with 100.64 source addresses.



Internet no, same ISP yes.



I think this will depend on the ISP. There may not be a path between customers of the same ISP without going through NAT. That's how ours operates anyway, dunno about others using CGNAT.

Create new topic





News and reviews »

Samsung Introducing Galaxy Z Flip4 and Galaxy Z Fold4
Posted 11-Aug-2022 01:00


Samsung Health Innovations with Galaxy Watch5 and Galaxy Watch5 Pro
Posted 11-Aug-2022 01:00


Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51


ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28


GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10


Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac