funsec mailing list archives
Re: Interesting routes, info appreciated....
From: "Kaegler, Mike" <KaeglerM () tessco com>
Date: Tue, 21 Apr 2009 13:40:51 -0400
With respect to most other responders on this thread...

The way traceroute works, a target machine is free to do whatever it wants with incoming packets. Including spoof a reply from someone else.

http://www.thoughtcrime.org/software/fakeroute/

Look at the timings. There's your clue. Starting with hop 14, you're talking to the target machine.

-porkchop

On 4/20/09 5:24 PM, "Richard Golodner" <rgolodner () infratection com> wrote:
I see in my log files that I get probed from 119.161.130.75 on an almost hourly basis (make dumb joke here), udp port scans, brute force password attempts, nothing too out of the ordinary which is why I ask help from the funsec community.

Check out this log and tell me what is going on here.

Hop 12 is the handoff from Sprint to China net.
Hop 22 is a static route provided by GE with an IP of 3.3.3.2
Hop 23 is DoD Experimental IP space
Hop 24 is the host harassing me.

Why would I see a static route from GE here and then DoD IP space? I am just curious as I think this is a strange path to get to the host that resides at hop 24. Please feel free to chime in with any ideas. I have no clue, again.

Thanks, Richard

1 1 ms 1 ms 1 ms 10.10.10.1
2 13 ms 11 ms 10 ms 10.20.0.1
3 7 ms 7 ms 7 ms vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
4 9 ms 7 ms 7 ms tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
5 10 ms 7 ms 7 ms te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
6 10 ms 11 ms 7 ms ae-1-51.edge3.Chicago3.Level3.net [4.68.101.20]
7 11 ms 8 ms 7 ms sl-st20-chi-5-0.sprintlink.net [144.232.19.173]
8 10 ms 11 ms 12 ms sl-crs2-chi-0-12-2-0.sprintlink.net [144.232.19.145]
9 31 ms 33 ms 30 ms sl-crs1-che-0-0-0-0.sprintlink.net [144.232.20.161]
10 61 ms 58 ms 59 ms sl-crs1-stk-0-0-0-1.sprintlink.net [144.232.20.241]
11 68 ms 60 ms 75 ms sl-crs2-sj-0-14-0-0.sprintlink.net [144.232.24.34]
12 57 ms 59 ms 59 ms sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
13 156 ms 154 ms 154 ms sl-china1-7-0.sprintlink.net [144.223.242.126]
14 337 ms 340 ms 339 ms 202.97.51.189
15 352 ms 356 ms 364 ms 202.97.53.37
16 340 ms 340 ms 340 ms 220.181.16.126
17 357 ms 356 ms 355 ms 220.181.17.106
18 354 ms 354 ms 356 ms 220.181.144.33
19 348 ms 347 ms 351 ms 220.181.144.18
20 349 ms 352 ms 351 ms 218.240.7.107
21 349 ms 349 ms 353 ms 219.142.47.74
22 350 ms 353 ms 349 ms n003-000-000-000.static.ge.com [3.3.3.2]
23 * 350 ms 352 ms 6.6.6.6
24 351 ms 356 ms 353 ms 119.161.130.75
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-- Michael Kaegler, TESSCO Technologies: Engineering, 410 229 1295 Your wireless success, nothing less. http://www.tessco.com/