Security Incidents mailing list archives
Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well)
From: "Daniel S. Riley" <dsr () MAIL LNS CORNELL EDU>
Date: Wed, 30 Aug 2000 18:24:57 -0400
Pavel Lozhkin <pauel () BALAKOVO RU> writes:
For last week i sent 4 or 5 complains about UDP scan (138 port). I have one answer from iana.org,they wrote: "It is legal traffic and do not worry about it and contact to your ISP for more information".It was 2 day to go.Today i sent him a next complain about new scan.... In first: I am the ISP myself ;) In second: This traffic just has been directed not to one host,in the log i saw this: Aug-30-01:37:02 UDP from 169.254.100.72:137 to XXX.XX.XXX.16:137 Aug-30-01:37:06 UDP from 169.254.100.72:137 to XXX.XXX.XXX.17:137
169.254.0.0/16 is reserved for auto-configuration of local addresses in networks where no DHCP server is found[1]. That block is not (or at least should not) be routed over the internet backbones[2]. Any traffic from 169.254.0.0/16 is either from your local network, or forged--and either way, complaining to IANA or ISI is a waste of their time. [1] http://search.ietf.org/internet-drafts/draft-manning-dsua-03.txt [2] Try a traceroute--you should run into a no-route in a short number of hops: % traceroute 169.254.100.72 traceroute to 169.254.100.72 (169.254.100.72), 30 hops max, 40 byte packets 1 lnsfw (128.84.44.1) 3 ms 3 ms 3 ms 2 ccc1-8540-vl669.cit.cornell.edu (128.253.147.4) 9 ms 14 ms 10 ms 3 cornellnet4-gig1-0-0.cit.cornell.edu (128.253.222.162) 6 ms !H 5 ms !H 9 ms !H -- Dan Riley dsr () mail lns cornell edu Wilson Lab, Cornell University <URL:http://www.lns.cornell.edu/~dsr/> "History teaches us that days like this are best spent in bed"
Current thread:
- UDP port 137 packets sent to 70.255.224.194 Felipe Alfaro (Aug 29)
- Re: UDP port 137 packets sent to 70.255.224.194 Paul L Schmehl (Aug 30)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Pavel Lozhkin (Aug 30)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Daniel S. Riley (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Pavel Lozhkin (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 (and to other hosts/nets as well) Daniel S. Riley (Aug 31)
- Re: UDP port 137 packets sent to 70.255.224.194 Jens Hektor (Aug 30)