funsec mailing list archives

Re: Interesting routes, info appreciated....


From: "Kaegler, Mike" <KaeglerM () tessco com>
Date: Tue, 21 Apr 2009 13:40:51 -0400

With respect to most other responders on this thread...
The way traceroute works, a target machine is free to do whatever it wants
with incoming packets. Including spoof a reply from someone else.
http://www.thoughtcrime.org/software/fakeroute/

Look at the timings. There's your clue. Starting with hop 14, you're talking
to the target machine.
-porkchop


On 4/20/09 5:24 PM, "Richard Golodner" <rgolodner () infratection com> wrote:

I see in my log files that I get probed from 119.161.130.75 on
an almost hourly basis (make dumb joke here), udp port scans, brute force
password attempts, nothing too out of the ordinary which is why I ask help from
the funsec community. Check out this log and tell me what is going on here.
Hop 12 is the handoff from Sprint to China net.
Hop 22 is a static route provided by GE with an IP of 3.3.3.2
Hop 23 is DoD Experimental IP space
Hop 24 is the host harassing me.
Why would I see a static route from GE here and then DoD IP
space? I am just curious as I think this is a strange path to get to the host
that resides at hop 24.
Please feel free to chime in with any ideas.  I have no clue,
again.
Thanks, Richard
 
 
  1     1 ms     1 ms     1 ms  10.10.10.1
  2    13 ms    11 ms    10 ms  10.20.0.1
  3     7 ms     7 ms     7 ms  vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
  4     9 ms     7 ms     7 ms  tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
  5    10 ms     7 ms     7 ms  te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
  6    10 ms    11 ms     7 ms  ae-1-51.edge3.Chicago3.Level3.net [4.68.101.20]
  7    11 ms     8 ms     7 ms  sl-st20-chi-5-0.sprintlink.net [144.232.19.173]
  8    10 ms    11 ms    12 ms  sl-crs2-chi-0-12-2-0.sprintlink.net [144.232.19.145]
  9    31 ms    33 ms    30 ms  sl-crs1-che-0-0-0-0.sprintlink.net [144.232.20.161]
 10    61 ms    58 ms    59 ms  sl-crs1-stk-0-0-0-1.sprintlink.net [144.232.20.241]
 11    68 ms    60 ms    75 ms  sl-crs2-sj-0-14-0-0.sprintlink.net [144.232.24.34]
 12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
 13   156 ms   154 ms   154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
 14   337 ms   340 ms   339 ms  202.97.51.189
 15   352 ms   356 ms   364 ms  202.97.53.37
 16   340 ms   340 ms   340 ms  220.181.16.126
 17   357 ms   356 ms   355 ms  220.181.17.106
 18   354 ms   354 ms   356 ms  220.181.144.33
 19   348 ms   347 ms   351 ms  220.181.144.18
 20   349 ms   352 ms   351 ms  218.240.7.107
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23    *       350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

-- 
Michael Kaegler, TESSCO Technologies: Engineering, 410 229 1295
Your wireless success, nothing less. http://www.tessco.com/
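
The timing clue mentioned in this message can be checked mechanically. The following is an added example, not part of the original thread: it parses tracert output and reports the hop where round-trip times stop growing and match the final hop, which is what a single machine answering for many "hops" looks like. The function names, the 5% tolerance and the 3-hop minimum run are assumptions chosen for illustration.

```python
import re
from statistics import median

# Hops 12-24 of the tracert output quoted in this message, wrapped lines joined.
TRACE = """\
 12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
 13   156 ms   154 ms  154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
 14   337 ms   340 ms  339 ms  202.97.51.189
 15   352 ms   356 ms  364 ms  202.97.53.37
 16   340 ms   340 ms  340 ms  220.181.16.126
 17   357 ms   356 ms  355 ms  220.181.17.106
 18   354 ms   354 ms  356 ms  220.181.144.33
 19   348 ms   347 ms  351 ms  220.181.144.18
 20   349 ms   352 ms  351 ms  218.240.7.107
 21   349 ms   349 ms  353 ms  219.142.47.74
 22   350 ms   353 ms  349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23    *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms  353 ms  119.161.130.75
"""

# Hop number, three probe fields ("N ms", "<1 ms" or "*"), then the responder.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.*)$")
RTT_RE = re.compile(r"<?(\d+)\s+ms")

def parse_hops(text):
    """Return (hop, median RTT in ms, responder) for each hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            rtts = [int(x) for x in RTT_RE.findall(m.group(2))]
            if rtts:
                hops.append((int(m.group(1)), median(rtts), m.group(3).strip()))
    return hops

# tolerance and min_run are illustrative assumptions, not values from the thread.
def plateau_start(hops, tolerance=0.05, min_run=3):
    """First hop of the trailing run whose RTT is within `tolerance` of the
    final hop's RTT, or None if that run is shorter than min_run hops."""
    final = hops[-1][1]
    start = len(hops) - 1
    while start > 0 and abs(hops[start - 1][1] - final) <= tolerance * final:
        start -= 1
    return hops[start][0] if len(hops) - start >= min_run else None

if __name__ == "__main__":
    print("RTT plateau begins at hop", plateau_start(parse_hops(TRACE)))
```

A short plateau is normal when the last few routers share a site with the target; the signal here is a long run of flat timings across addresses that belong to unrelated networks.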
