Some very strange network behaviors

Christopher Bird seabird at msn.com
Thu Sep 11 04:39:25 UTC 2003


I am not sure if this post belongs here, so I apologize if it does not.
I have been experiencing some weirdness while traveling and wondered if
the group has any insight into what seems to be a pretty ugly situation.

I am traveling and have my laptop with me. I am staying in a hotel that
offers broadband support. There are 2 of us (with 2 laptops) sharing a
room. I acquire an internet connection and sign up for the service, so I
get an IP address. In my case that IP address is 12.44.189.24.

I disconnect my cable and pass it to my roommate. He plugs in and
acquires IP address 12.44.189.47. He does the email thing for a while
and then passes the cable back to me. Imagine my surprise when the
network routes packets destined for his IP address (from his email
server no less) to my computer. My firewall (Zone Alarm) detects these
incoming packets and blocks them since they are unsolicited.

In further analysis of the logs, I see that there are a large number of
IP addresses that are packet destinations and routed to my computer. Zone
Alarm detects them and blocks them. According to Zone Alarm I am getting
packets for destination IP addresses as follows: 12.44.189.244,
12.44.189.178, 12.44.189.181, 12.189.44.244 and some others too. They are
all port 80 requests, identified by Zone Alarm as TCP (flags:S).

This seems strange to me since they are arriving at an IP address that
is different from mine. 

How can this happen? Is there the potential for a problem? (I am thinking
particularly about future guests who may not have the degree of
protection (limited though it is) that Zone Alarm is affording me.)

This then got me thinking about corporate security. If I have taken my
laptop and put it on an external network (e.g. the hotel network), what
protections can I realistically expect, and what should my corporate IT
department do to make sure my computer hasn't contracted something nasty
while it was away from home? I could see that the kind of network
behavior that I observed could infect a less well protected computer and
thus cause me to bring an infection back to my office where it can
attack from behind the corporate shields and firewalls.

Any comments would be very welcome.

Regards

Chris Bird



