I'm sure there's a simple answer to this :)

Having figured out how to view my modem's configuration page (thanks folks!), I was a bit surprised to see an IP address of 10.147.xxx.xxx which isn't in the range that
Robin Walker's (http://homepage.ntlworld.com/robin.d.h.walker/cmtips/ipaddr.html) pages indicate it should be ... A tracert shows the first hop via my wireless router, second confirms the 10.47.xxx.xxx address.

Using All Net Tools SmartWhois (http://www.all-nettools.com/toolbox) indicates this is in a range assigned to IANA in California ...

So I'm confused! Why isn't my address apparently a valid NTL one? And, er, is this a problem?
:confused:

Firstly :welcome: to nthellworld Jez

The cable modem (and other ntl routing devices) have a private address which is unique within the ntl network only, these are allowed by "RFC 1918 Address Allocation for Private Internets February 1996"



3. Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

This is not your internet IP address which you find out from...

http://www.all-nettools.com/pr.htm

for example

NB many sites incorrectly quote the ntl proxy cache as your address, the cache changes depending on which size you check as each only handle a portion of the IP address space

That number could be the IP of the UBR you are connected to!

Ah! Thanks for that - I was worried I'd been hijacked or something! I suppose I don't really need/want to know why the modem has its own address space for private internets, do I ;) Ho hum.

... I suppose I don't really need/want to know why the modem has its own address space for private internets, do I ;) Ho hum.

It is an intelligent device, it likes to talk privately to other intelligent devices inside the ntl network, but you wouldn't want it talking to strangers on the internet!

This is not your internet IP address which you find out from...

http://www.all-nettools.com/pr.htm
Arrrggg - we have our own ......

http://www.nthellworld.co.uk/home?nav=tools&exec=proxy

Arrrggg - we have our own ......

http://www.nthellworld.co.uk/home?nav=tools&exec=proxy

Sorry,

This nearly works for me

You are using the following NTL proxy : oxfd-cache-2.server.ntli.net

This is an UNKNOWN NTL Proxy Server.

Sorry,

This nearly works for meFixed - a small typo. :)

It is an intelligent device, it likes to talk privately to other intelligent devices inside the ntl network, but you wouldn't want it talking to strangers on the internet!

The mind bogglea at the thought of 'what if' all intelligent devices in NTL decided to takea over the running of the company, experiences posted here and on the old board show that the 'life at the top' seems somewhat lacking, at times, in this commodity :D

Funny that - the idea of all these so-called intelligent devices communicating privately with each other didn't exactly fill me with confidence either :)

What are they communicating about, exactly? I know my router uses its private address space 192.168.xxx.xxx to operate my home network, but what's the modem up to?

Getting its CM configuration file, getting firmware upgrades, getting remotely monitored for connection quality details...

STBs add assorted interactive functions and TV related stuff to this. You need the modem to have an IP for the system to work.

Hi,

I've been having intermittent speed issues with my NTL 1.5Mbps BB service. I know its a long-winded post (Sorry!), but it is kinda connected (?) to this topic.

I've got a Belkin wireless Router (but normally only 1 PC is switched on at a time), I checked the security log on this, every 30 ish seconds, there was a DoS attack from 10.116.32.1. I figured this was fine, if a little annoying, but the firewall was doing its job.

However, this morning, I lost connectivity totally, after a bit of jiggery pokery I managed to get myself back up. BUT, the service was very flakey, so I tried a couple of ping & tracert tests. (See Below)

******
Tracing route to www.google.akadns.net (http://www.google.akadns.net/) [216.239.59.147]
over a maximum of 30 hops:

1 1 ms <1 ms 1 ms MY ROUTER
2 7 ms 5 ms 45 ms 10.116.32.1
3 7 ms 7 ms 6 ms pool-t2cam1-b-ge-wan34-104.inet.ntl.com [80.5.168.149]
4 9 ms 7 ms 7 ms sot3-t2core-b-pos71.inet.ntl.com [80.4.225.137]
5 9 ms 9 ms 8 ms gfd-bb-b-so-330-0.inet.ntl.com [62.253.185.53]
6 11 ms 27 ms 11 ms bre-bb-a-so-000-0.inet.ntl.com [213.105.172.149]
7 11 ms 11 ms 10 ms redb-ic-1-so-010-0.inet.ntl.com [62.253.188.106]
8 11 ms 12 ms 12 ms 195.66.224.125
9 42 ms 22 ms 40 ms 216.239.49.254
10 21 ms 23 ms 56 ms 216.239.49.114
11 25 ms 42 ms 40 ms 216.239.59.147

Trace complete.
******

The attacking IP is appearing at the start of EVERY tracert.

I thought the router might have been hacked, so removed that (tracert below)

******
Tracing route to www.google.akadns.net (http://www.google.akadns.net/) [216.239.59.147]
over a maximum of 30 hops:

1 6 ms 5 ms 5 ms 10.116.32.1
2 8 ms 5 ms 5 ms pool-t2cam1-b-ge-wan34-104.inet.ntl.com [80.5.168.149]
3 7 ms 7 ms 9 ms sot3-t2core-b-pos71.inet.ntl.com [80.4.225.137]
4 10 ms 8 ms 8 ms gfd-bb-b-so-330-0.inet.ntl.com [62.253.185.53]
5 19 ms 11 ms 10 ms bre-bb-a-so-000-0.inet.ntl.com [213.105.172.149]
6 10 ms 11 ms 10 ms redb-ic-1-so-010-0.inet.ntl.com [62.253.188.106]
7 19 ms 14 ms 12 ms 195.66.224.125
8 22 ms 40 ms 21 ms 216.239.49.254
9 36 ms 23 ms 41 ms 216.239.49.121
10 24 ms 41 ms 39 ms 216.239.59.147

Trace complete.
******

Clearly this didn't fixed it, so I tried plugging the modem direct to another PC, which had exactly the same problem.

This pointed me towards the modem! It is an ntl:home 120. After reading you're v. helpful forum I managed to get its IP as 10.170.xxx.xxx

The Internet connection is still up & down like a tart's draws and intermittently slow

I don't understand how or why everything is being routed through this 10.116.32.1. Furthermore, I don't know if this IP could be causing a bottleneck in my web access..? If anyone can shed any light on it, I'd be incredibly greatful! (Tried to ring NTL, but after 20 mins on hold, got bored!)

Cheers!

P.S. Let me know if any more info required!

I'm a bit puzzled (again!) by your 10.116.xxx.xxx AND the 10.170.xxx.xxx addresses but it was exactly this same thing that made me ask the question in the first place. My router was also reporting DOS attacks from the IP address which is why I did a whois on it but which we've now established is in fact my modem's private address (and though I'm not at it right now, I'm pretty sure appeared second in a tracert report) ... Since I'm also having intermittent drop-outs and some speed problems, AND I've a Belkin wireless router, is there something that dave_tracey and I are missing here? Should the router's firewall apparently be blocking our modem in this way and is this causing a problem? :confused:

Jez, your first post mentions 2 ip addresses: 10.147.xxx.xxx & 10.47.xxx.xxx. Is this correct, or a typo? If it is correct, then maybe the modem has 2 IP's..? - This would explain why mine were completely different (10.170.x.x reported on Modem config page & 10.116.x.x on DoS attacks), but it doesn't go anywhere near explaining why the router thinks the modem is attacking it... any ideas anyone?

Typo, I'd have thought.

10.116.32.1 is ntl's UBR in your area (UBR 1 Charminster, in fact), it's allowed to send you packets! It's the device that connects you to the internet, so it's technically correct to say it's a bottleneck, but only in the sense that it's the only way your traffic can go to get anywhere.

10.170.x.x is the private cable modem range for that area. 10.116.x.x is the private STB range for that area.

Just because a router thinks it's being DOSed doesn't mean it is - it's not a security expert.

Your modem's IP will NEVER appear in a traceroute - it passes traffic a layer below IP so will not show up at the IP layer (for this reason it's called a transparent bridge). You're almost certainly seeing your UBR there instead.

Thanks for the response! It just seemed odd that it didn't resolve the name. Shall I just ignore the Firewall log on the router?

Jez, your first post mentions 2 ip addresses: 10.147.xxx.xxx & 10.47.xxx.xxx. Is this correct, or a typo?

Er yes, typo I fear!

I appreciate that a router's firewall isn't all that smart, but I guess what I'm asking is whether there may be a problem in that the modem is presumably legitimately trying to talk to the router, but is being rebuffed by the firewall. I assume the answer is "no" but if that's the case, why is it trying it in the first place? (I'm thinking of an earlier thread to do with a particular brand of router being blocked for not playing ball with NTL's way of doing things, for instance?). Sorry if this is self-evident but it's all a bit of a black art to me as a broadband virgin
;)

It just seemed odd that it didn't resolve the name

Not really, it's just that it's a private address, which isn't unique on the internet so can't have a unique name. I could quite happily have 10.116.32.1 as my gateway IP here and call it BBs-Gateway, but this would mean nothing to anyone outside my private LAN.

Jez - I suggest a quick course of Robin Walker's cable broadband guide, which specifically states that you should allow your local UBR private IP and your DHCP servers through your firewall to prevent spurious attack indications.

Because your firewall is *behind* your router, the modem-to-ubr communication is unaffected. It's only router-to-ubr communication (DHCP in particular) that could be affected. Still best to allow the IP through.

Jez - I suggest a quick course of Robin Walker's cable broadband guide, which specifically states that you should allow your local UBR private IP and your DHCP servers through your firewall to prevent spurious attack indications. Because your firewall is *behind* your router, the modem-to-ubr communication is unaffected. It's only router-to-ubr communication (DHCP in particular) that could be affected. Still best to allow the IP through.
Thanks! I checked the relevant bit of the guide as you suggested - think I only understood one word in five ;) but enough to see that my router's firewall is locked down too tightly ... I can turn back on the response to ICMP pings OK, but otherwise the firewall is either on or off (and Belkin's support have just confirmed this). I'm kind of reluctant to turn it off and use a software firewall on each of the PCs instead unless there's a compelling reason to do so - I take it that if things are basically working OK, then there probably isn't?

If it's working, fine, but you'll have to ignore any spurious warnings that come off it. Or get a better firewall/router - mine certainly allows me to allow/deny specific ports and machines, and I think most do these days. Don't turn it off though, it's protecting you against a lot of malicious rubbish.

Any suggestions for a better router/firewall (Needs to be 54g Wireless)?

Was thinking about getting another AP anyway, so could use my existing Belkin one as an AP only...