Hi!
A scan on my computer reported as up many local ips which simply does not exist in my network. This host is supposed to have ip 192.168.0.4, but all other ip should not be there... I have a USB modem connected to a Linux box, connected itselfs to a wifi linksys router and thats it...
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 (
http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
Host 192.168.10.1 appears to be up.
Host 192.168.10.31 appears to be up.
Host 192.168.11.192 appears to be up.
Host 192.168.11.193 appears to be up.
Host 192.168.11.223 appears to be up.
Host 192.168.11.224 appears to be up.
Host 192.168.11.225 appears to be up.
...
And several run of this command does not produce exactly the same output (some ips appear, some others disapear...)
More surprisingly, a traceroute to any of these IP hops out of my box:
# traceroute 192.168.159.28
traceroute to 192.168.159.28 (192.168.159.28), 30 hops max, 38 byte packets
1 xxxxx.fr (x.x.x.x) 59.428 ms 168.240 ms 76.222 ms
2 x.x.x.x (x.x.x.x) 47.865 ms 52.671 ms 103.895 ms
3 xxxxx.francetelecom.net (x.x.x.x) 46.882 ms 48.879 ms 46.961 ms
4 xxxxx.francetelecom.net (x.x.x.x) 181.731 ms 51.690 ms 46.856 ms
5 xxxxx.francetelecom.net (193.252.161.106) 57.016 ms 60.682 ms 54.889 ms
6 xxxxx.francetelecom.net (81.253.129.97) 60.832 ms 52.676 ms 56.877 ms
7 xe-4-0-0-0.ncidf201.Aubervilliers.francetelecom.net (193.252.98.193) 56.916 ms 84.664 ms 56.884 ms
8 gi3-2.nafti103.Aubervilliers.francetelecom.net (193.252.98.241) 59.925 ms 61.623 ms 58.824 ms
9 * * *
10 * * *
...
I guess somebody hacked my box, but I really want to understand this topic better. If you need any additional information, just tell me...
