My webapp received a request from 10.18.255.249 (but the 10.0.0.0/9 cidr block is reserved) according to https://www.arin.net/knowledge/rfc/rfc1918.txt
How is this even possible?
My webapp received a request from 10.18.255.249 (but the 10.0.0.0/9 cidr block is reserved) according to https://www.arin.net/knowledge/rfc/rfc1918.txt
How is this even possible?
I think it is a forged request; this kind of IP is not routable over the Internet. Some Linux kernel report them as "alien traffic".
It is maybe some kind of bot that makes DoS or DDoS because only the Web request matters, not the response.
It's certainly possible; net 10 is a private address space, for internal networks to organisations. Sometimes net 10 addresses leak out in various places in upper layer protocols. It is even possible that there is a net 10 inside your hosting facility, and it's actually for real rather than a mistake.
10.0.0.0/8 is reserved for internal private networks. If you are in a corporate environment, there will be frequent IP addresses handed out in this range.
While they're not supposed to got out over the internet, big companies will have packets using that range flying all over the place.
If you're receiving this in a hosted environment (i.e., your web app faces the internet), it's possible that your hosting provider is hitting your page. I've seen this happen with performance monitoring tools that were installed to monitor service level agreements.
The request is probably coming from inside the network of wherever your box is and not from the internet. Ask you hosting provider about what NATed network blocks are in their network.