Could there be bogus email from domain-block@opendns.com?

Comments

7 comments

  • Avatar
    Chris Frost

    Sounds like you might have a NATd IP address from your ISP, which means that multiple customers from your ISP could be using the same IP address. Do you know if your IP address is NATd? This would explain why you are getting blocked page requests from unknown users. 

    0
    Comment actions Permalink
  • Avatar
    djklord

    I don't know whether or not I have a NATd IP address. Could I discover this by inspecting either my router or (DSL) modem settings, or would I have to communicate with my ISP?

    BTW, thank you for your quick response.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    It's not quite easy to find out final confirmation if you have a shared IP address without asking your ISP.

    You may perform these tests:
    http://www.lagado.com/proxy-test
    http://www.lagado.com/tools/cache-test
    And you can run a software like http://portforward.com/help/router-detector.htm
    And you can perform a WHOIS with your IP address. http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    If the above is too much efforts for you, you may perform a quicker check.  Check the IP addresses at/with:

    They should all be identical, else your ISP is most likely somehow NATting or proxying you.

    0
    Comment actions Permalink
  • Avatar
    Brian Hartvigsen

    While rotblitz's tests may expose a proxy server, most of those tests would not expose a NAT configuration.  The exception would be checking WAN IP address of the router/modem and the WHOIS information on your public IP.

    Generally in the case of a NAT setup, the WAN IP will be an RFC1918 address (e.g. 192.168.1.1 & 10.0.0.1).  But not always, they could be using some other address space, though that would be somewhat odd.

    When checking the WHOIS, some ISPs will actually label an address poll as NAT, but again, not all of them.

    Asking the ISP directly is generally the best option.  Also a note that a NAT configuration does not require a proxy server, most home networks are NAT'ed internally and have no proxy server, so those tests won't reveal anything about a NAT setup generally.

    0
    Comment actions Permalink
  • Avatar
    djklord

    I appreciate the help offered. I've checked performed most of the checks suggested. I don't see any evidence of NAT going on. (I was confused for a while by the term "NATd". I know what NAT is, but not "NATd". I finally figured out, it means "NAT"ed.

    I'm going to drop this issue for now. I don't really  have time to deal with it any further. If I see such a problem again, I will call my ISP and talk to them about it.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "most of those tests would not expose a NAT configuration."

    They would.  Although these tests could merely expose the use of a proxy or caching server, these are typical situations where public IP address sharing takes effect too, and proxy/caching services necessarily come with NATting too.  So, if any of those tests is positive, then NATting and possibly public IP address sharing are involved.  But as you correctly say, these tests would not reveal NAT without proxy/caching service.

    A special case is the router-detector test.  It also exposes ISP VLAN configurations, and if the IP address on the ISP facing devices is not identical with the final public IP address being found, then we have a NAT configuration too which may or may not come with public IP address sharing.

    "they could be using some other address space, though that would be somewhat odd."

    These could be RFC-6598 Carrier Grade NAT addresses:  100.64.0.0/10  (100.64.0.0 - 100.127.255.255)
    and also RFC-5735 special case IP address ranges:

      169.254.0.0/16
      192.0.0.0/24
      192.0.2.0/24
      192.88.99.0/24
      198.18.0.0/15
      198.51.100.0/24
      203.0.113.0/24

    Summarizing: If a proxy is being used, then NAT is necessarily involved, quite often with public IP address sharing.  The other way around, NAT does not imply that a proxy is being used, but also may come with public IP address sharing.  Yes, home network routers is a good example.

    0
    Comment actions Permalink

Please sign in to leave a comment.