funsec mailing list archives
Re: Interesting routes, info appreciated....
From: Paul Ferguson <fergdawgster () gmail com>
Date: Mon, 20 Apr 2009 17:52:59 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Someone in either CNCGROUP Beijing or Beijing Capital Telecom is using 6.0.0.0 IP address space for their internal IP addressing.

- - ferg

On Mon, Apr 20, 2009 at 2:24 PM, Richard Golodner <rgolodner () infratection com> wrote:
> I see in my log files that I get probed from 119.161.130.75 on an almost hourly basis (make dumb joke here), udp port scans, brute force password attempts, nothing too out of the ordinary which is why I ask help from the funsec community. Check out this log and tell me what is going on here.
>
> Hop 12 is the handoff from Sprint to China net.
> Hop 22 is a static route provided by GE with an IP of 3.3.3.2
> Hop 23 is DoD Experimental IP space
> Hop 24 is the host harassing me.
>
> Why would I see a static route from GE here and then DoD IP space? I am just curious as I think this is a strange path to get to the host that resides at hop 24. Please feel free to chime in with any ideas. I have no clue, again.
>
> Thanks, Richard
>
>   1     1 ms     1 ms     1 ms  10.10.10.1
>   2    13 ms    11 ms    10 ms  10.20.0.1
>   3     7 ms     7 ms     7 ms  vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
>   4     9 ms     7 ms     7 ms  tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
>   5    10 ms     7 ms     7 ms  te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
>   6    10 ms    11 ms     7 ms  ae-1-51.edge3.Chicago3.Level3.net [4.68.101.20]
>   7    11 ms     8 ms     7 ms  sl-st20-chi-5-0.sprintlink.net [144.232.19.173]
>   8    10 ms    11 ms    12 ms  sl-crs2-chi-0-12-2-0.sprintlink.net [144.232.19.145]
>   9    31 ms    33 ms    30 ms  sl-crs1-che-0-0-0-0.sprintlink.net [144.232.20.161]
>  10    61 ms    58 ms    59 ms  sl-crs1-stk-0-0-0-1.sprintlink.net [144.232.20.241]
>  11    68 ms    60 ms    75 ms  sl-crs2-sj-0-14-0-0.sprintlink.net [144.232.24.34]
>  12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
>  13   156 ms   154 ms   154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
>  14   337 ms   340 ms   339 ms  202.97.51.189
>  15   352 ms   356 ms   364 ms  202.97.53.37
>  16   340 ms   340 ms   340 ms  220.181.16.126
>  17   357 ms   356 ms   355 ms  220.181.17.106
>  18   354 ms   354 ms   356 ms  220.181.144.33
>  19   348 ms   347 ms   351 ms  220.181.144.18
>  20   349 ms   352 ms   351 ms  218.240.7.107
>  21   349 ms   349 ms   353 ms  219.142.47.74
>  22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
>  23     *      350 ms   352 ms  6.6.6.6
>  24   351 ms   356 ms   353 ms  119.161.130.75
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJ7Rjiq1pz9mNUZTMRAu0oAJ4nO95/Ysc8KuMc/oMw0vr7b5wWaQCgn+3+
A09qDUDqq81tpivLOK5MS3k=
=dM/u
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
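
An added example, not part of the thread: a small Python parser for Windows tracert output that flags hops whose reply address falls in the two prefixes discussed above (3.0.0.0/8 and 6.0.0.0/8). The `WATCHED` labels and the function names are assumptions made for illustration; the sample lines are an excerpt of the trace quoted in the post.

```python
import ipaddress
import re

# Prefixes to watch, labelled as the thread describes them (2009 context).
WATCHED = {
    ipaddress.ip_network("3.0.0.0/8"): "GE (rDNS at hop 22)",
    ipaddress.ip_network("6.0.0.0/8"): "DoD (per the thread)",
}

# Excerpt of the Windows tracert output quoted in the thread.
SAMPLE = """\
  1     1 ms     1 ms     1 ms  10.10.10.1
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23     *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75
"""

HOP_RE = re.compile(
    r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}"    # hop number, three probes
    r"(?:\S+\s+\[([\d.]+)\]|([\d.]+))\s*$"      # 'name [ip]' or bare ip
)

def parse_hops(text):
    """Return [(hop_number, IPv4Address)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2) or m.group(3))))
    return hops

def classify(ip):
    """Label a hop address: RFC 1918, a watched prefix, or unremarkable."""
    if ip.is_private:
        return "rfc1918"
    for net, label in WATCHED.items():
        if ip in net:
            return label
    return None

def out_of_place_hops(text):
    """Hops whose reply address sits in a watched prefix."""
    return [(n, str(ip), classify(ip)) for n, ip in parse_hops(text)
            if classify(ip) not in (None, "rfc1918")]

if __name__ == "__main__":
    for n, ip, label in out_of_place_hops(SAMPLE):
        print(f"hop {n}: {ip} is numbered from {label} space")
```

A traceroute hop address is only the source address of that router's ICMP reply, so a match shows how the interface is numbered, not who operates the router.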
Current thread:
- Interesting routes, info appreciated.... Richard Golodner (Apr 20)
- Re: Interesting routes, info appreciated.... Paul Ferguson (Apr 20)
- Re: Interesting routes, info appreciated.... Paul Ferguson (Apr 20)
- Re: Interesting routes, info appreciated.... der Mouse (Apr 20)
- Re: Interesting routes, info appreciated.... Kaegler, Mike (Apr 21)