Security Incidents mailing list archives
traceroute ICMP packets
From: lfabian () CRIC CHEMRES HU (Laszlo Fabian)
Date: Tue, 4 Jan 2000 17:15:22 +0100
Hello,
My Linux box has recently logged some traceroute ICMP packets. Of course,
I did not traceroute these hosts. (Packets from hosts between my
computer and the source IPs are missing as well.)
Do you have any idea what this can be?
Here are the (ipchains) logs:
(x.y.u.v is the IP address of myhost)
Jan 3 15:29:54 myhost kernel: Packet log: input ACCEPT eth0 PROTO=1
167.216.136.2:11 x.y.u.v:0 L=56 S=0xC0 I=21545 F=0x0000 T=247
Jan 3 15:30:07 myhost kernel: Packet log: input ACCEPT eth0 PROTO=1
212.59.199.41:11 x.y.u.v:0 L=56 S=0x00 I=3106 F=0x0000 T=237
Jan 3 15:30:16 myhost kernel: Packet log: input ACCEPT eth0 PROTO=1
212.59.199.41:11 x.y.u.v:0 L=56 S=0x00 I=3124 F=0x0000 T=237
Jan 3 15:30:23 myhost kernel: Packet log: input ACCEPT eth0 PROTO=1
167.216.136.2:11 x.y.u.v:0 L=56 S=0xC0 I=21986 F=0x0000 T=247
... (more packets from these hosts with similar delays between them)
Laszlo
Current thread:
- Re: port 119, (continued)
- Re: port 119 Vince Vielhaber (Jan 05)
- Ports 25092 / 20869 Vanja Hrustic (Jan 04)
- Re: Ports 25092 / 20869 Robert Graham (Jan 04)
- port 1150 and 4833 ? Kim R. Rasmussen (Jan 04)
- Re: port 1150 and 4833 ? Frameloss, Frameloss (Jan 10)
- Re: port 119 R a v e N (Jan 05)
- Re: port 119 Scott Laws (Jan 04)
- Writeup: it. TLD going astray Arrigo Triulzi (Jan 03)
- Computer Forsenics System Administrator (Jan 03)
- Re: Computer Forsenics-> www.fish.com/forensics mike (Jan 03)
- traceroute ICMP packets Laszlo Fabian (Jan 04)
- Re: traceroute ICMP packets M J (Jan 04)
- Re: traceroute ICMP packets Larry Canup (Jan 18)
- Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
- Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)
- Re: Port Scan on 371... Christopher Wilson (Jan 02)
- correlation between porscans and local activity Thomas Molina (Jan 02)
- Re: correlation between porscans and local activity Sean Sosik-Hamor (Jan 03)