funsec mailing list archives

Interesting routes, info appreciated....


From: "Richard Golodner" <rgolodner () infratection com>
Date: Mon, 20 Apr 2009 16:24:10 -0500

I see in my log files that I get probed from 119.161.130.75
on an almost hourly basis (make dumb joke here), udp port scans, brute force
password attempts, nothing too out of the ordinary which is why I ask help
from the funsec community. Check out this log and tell me what is going on
here.

Hop 12 is the handoff from Sprint to China net.

Hop 22 is a static route provided by GE with an IP of 3.3.3.2

Hop 23 is DoD Experimental IP space

Hop 24 is the host harassing me.

Why would I see a static route from GE here and then DoD IP
space? I am just curious as I think this is a strange path to get to the
host that resides at hop 24.

Please feel free to chime in with any ideas.  I have no
clue, again.

Thanks, Richard

 

 

  1     1 ms     1 ms     1 ms  10.10.10.1
  2    13 ms    11 ms    10 ms  10.20.0.1
  3     7 ms     7 ms     7 ms  vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
  4     9 ms     7 ms     7 ms  tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
  5    10 ms     7 ms     7 ms  te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
  6    10 ms    11 ms     7 ms  ae-1-51.edge3.Chicago3.Level3.net [4.68.101.20]
  7    11 ms     8 ms     7 ms  sl-st20-chi-5-0.sprintlink.net [144.232.19.173]
  8    10 ms    11 ms    12 ms  sl-crs2-chi-0-12-2-0.sprintlink.net [144.232.19.145]
  9    31 ms    33 ms    30 ms  sl-crs1-che-0-0-0-0.sprintlink.net [144.232.20.161]
 10    61 ms    58 ms    59 ms  sl-crs1-stk-0-0-0-1.sprintlink.net [144.232.20.241]
 11    68 ms    60 ms    75 ms  sl-crs2-sj-0-14-0-0.sprintlink.net [144.232.24.34]
 12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
 13   156 ms   154 ms   154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
 14   337 ms   340 ms   339 ms  202.97.51.189
 15   352 ms   356 ms   364 ms  202.97.53.37
 16   340 ms   340 ms   340 ms  220.181.16.126
 17   357 ms   356 ms   355 ms  220.181.17.106
 18   354 ms   354 ms   356 ms  220.181.144.33
 19   348 ms   347 ms   351 ms  220.181.144.18
 20   349 ms   352 ms   351 ms  218.240.7.107
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23     *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
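
An added example, not part of the original post: Python code that parses Windows tracert output in the wrapped form this archive shows and reports hops whose address falls inside prefixes of interest, together with the change in best RTT from the previous hop. The prefix labels repeat the post's own description and are not verified here; the function names and the sample excerpt are constructed for this example.

```python
import ipaddress
import re

# Prefixes to watch; labels repeat the post's description (assumption, unverified).
WATCH = {"3.0.0.0/8": "GE, per the post", "6.0.0.0/8": "DoD, per the post"}

# Constructed sample: hops copied from the trace in the post, one of them in
# the wrapped form (hostname on one line, bracketed IP on the next).
SAMPLE = """\
 12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net
[144.232.9.58]
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23     *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75
"""

HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")
IP = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def parse_tracert(text):
    """Return [(hop, ip_or_None, best_rtt_ms_or_None)], rejoining wrapped lines."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rtts = [int(x) for x in re.findall(r"(\d+) ms", m.group(2))]
            ip = IP.search(m.group(3))
            hops.append([int(m.group(1)), ip.group(1) if ip else None,
                         min(rtts) if rtts else None])
        elif hops and hops[-1][1] is None:
            ip = IP.search(line)  # continuation line such as "[a.b.c.d]"
            if ip:
                hops[-1][1] = ip.group(1)
    return [tuple(h) for h in hops]

def flag_hops(hops, watch=WATCH):
    """Return [(hop, ip, label, rtt_delta_ms)] for hops inside a watched prefix."""
    nets = [(ipaddress.ip_network(p), label) for p, label in watch.items()]
    out, prev = [], None
    for hop, ip, rtt in hops:
        if ip:
            addr = ipaddress.ip_address(ip)
            delta = None if rtt is None or prev is None else rtt - prev
            out += [(hop, ip, lbl, delta) for net, lbl in nets if addr in net]
        prev = rtt if rtt is not None else prev
    return out

if __name__ == "__main__":
    print(*flag_hops(parse_tracert(SAMPLE)), sep="\n")
```
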
