funsec mailing list archives

Re: Interesting routes, info appreciated....


From: Paul Ferguson <fergdawgster () gmail com>
Date: Mon, 20 Apr 2009 17:52:59 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Someone in either CNCGROUP Beijing or Beijing Capital Telecom is using
6.0.0.0 IP address space for their internal IP addressing.

-- ferg


On Mon, Apr 20, 2009 at 2:24 PM, Richard Golodner
<rgolodner () infratection com> wrote:

I see in my log files that I get probed from 119.161.130.75 on an almost
hourly basis (make dumb joke here), udp port scans, brute force password
attempts, nothing too out of the ordinary, which is why I ask help from the
funsec community. Check out this log and tell me what is going on here.

Hop 12 is the handoff from Sprint to China net.

Hop 22 is a static route provided by GE with an IP of 3.3.3.2

Hop 23 is DoD Experimental IP space

Hop 24 is the host harassing me.

Why would I see a static route from GE here and then DoD IP space? I am just
curious as I think this is a strange path to get to the host that resides at
hop 24.

Please feel free to chime in with any ideas. I have no clue, again.

Thanks, Richard





  1     1 ms     1 ms     1 ms  10.10.10.1
  2    13 ms    11 ms    10 ms  10.20.0.1
  3     7 ms     7 ms     7 ms  vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
  4     9 ms     7 ms     7 ms  tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
  5    10 ms     7 ms     7 ms  te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
  6    10 ms    11 ms     7 ms  ae-1-51.edge3.Chicago3.Level3.net [4.68.101.20]
  7    11 ms     8 ms     7 ms  sl-st20-chi-5-0.sprintlink.net [144.232.19.173]
  8    10 ms    11 ms    12 ms  sl-crs2-chi-0-12-2-0.sprintlink.net [144.232.19.145]
  9    31 ms    33 ms    30 ms  sl-crs1-che-0-0-0-0.sprintlink.net [144.232.20.161]
 10    61 ms    58 ms    59 ms  sl-crs1-stk-0-0-0-1.sprintlink.net [144.232.20.241]
 11    68 ms    60 ms    75 ms  sl-crs2-sj-0-14-0-0.sprintlink.net [144.232.24.34]
 12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
 13   156 ms   154 ms   154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
 14   337 ms   340 ms   339 ms  202.97.51.189
 15   352 ms   356 ms   364 ms  202.97.53.37
 16   340 ms   340 ms   340 ms  220.181.16.126
 17   357 ms   356 ms   355 ms  220.181.17.106
 18   354 ms   354 ms   356 ms  220.181.144.33
 19   348 ms   347 ms   351 ms  220.181.144.18
 20   349 ms   352 ms   351 ms  218.240.7.107
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23     *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75




-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJ7Rjiq1pz9mNUZTMRAu0oAJ4nO95/Ysc8KuMc/oMw0vr7b5wWaQCgn+3+
A09qDUDqq81tpivLOK5MS3k=
=dM/u
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
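The trace Richard posted is a textbook case of what Paul describes: hops 22 and 23 carry addresses from 3.0.0.0/8 (reverse DNS in static.ge.com) and 6.0.0.0/8 (the DoD experimental space Richard names), yet their round-trip times sit within a few milliseconds of the Chinese hops on either side. A packet that really detoured to GE or the DoD would show a latency step; a flat RTT says the addresses are just being used as internal numbering inside the destination network. The script below is an added example, not code from either message: it parses tracert output, flags hops inside an analyst-supplied prefix list (here the two /8s the post points at, with labels taken from the post), and uses the RTT step against the previous responding hop to separate a genuine detour from squatted addressing. The 30 ms jitter tolerance and the prefix labels are assumptions for illustration.

```python
"""Flag traceroute hops whose address sits in a prefix that should not be on
the path, and use RTT continuity to tell a real detour from squatted space."""
import ipaddress
import re
import statistics
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows tracert line: hop number, three probe columns ("1 ms", "<1 ms" or
# "*"), then "hostname [a.b.c.d]" or a bare address.
_HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+"
    r"(?P<probes>(?:(?:<?\d+\s*ms|\*)\s+){3})"
    r"(?P<target>\S.*?)\s*$"
)
_MS_RE = re.compile(r"<?(\d+)\s*ms")
_BRACKET_RE = re.compile(r"\[(\d+(?:\.\d+){3})\]\s*$")

# Hops 12-24 of the trace posted in this thread (hostnames rejoined onto one line).
SAMPLE_TRACE = """\
 12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
 13   156 ms   154 ms   154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
 14   337 ms   340 ms   339 ms  202.97.51.189
 15   352 ms   356 ms   364 ms  202.97.53.37
 16   340 ms   340 ms   340 ms  220.181.16.126
 17   357 ms   356 ms   355 ms  220.181.17.106
 18   354 ms   354 ms   356 ms  220.181.144.33
 19   348 ms   347 ms   351 ms  220.181.144.18
 20   349 ms   352 ms   351 ms  218.240.7.107
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23     *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75
"""

# Prefixes an analyst would not expect on a path into Beijing. Labels follow
# the post; treating the whole /8s as the watched ranges is an assumption.
WATCHED_PREFIXES = [
    (ipaddress.IPv4Network("3.0.0.0/8"), "GE static space"),
    (ipaddress.IPv4Network("6.0.0.0/8"), "DoD experimental space"),
]


@dataclass
class Hop:
    number: int
    address: Optional[ipaddress.IPv4Address]
    hostname: Optional[str]
    rtts: List[int]  # responding probes only, in ms

    @property
    def median_rtt(self) -> Optional[float]:
        return statistics.median(self.rtts) if self.rtts else None


def parse_tracert(text: str) -> List[Hop]:
    """Parse tracert output into Hop records, skipping lines that are not hops."""
    hops = []
    for line in text.splitlines():
        m = _HOP_RE.match(line)
        if not m:
            continue
        rtts = [int(ms) for ms in _MS_RE.findall(m.group("probes"))]
        target = m.group("target")
        bm = _BRACKET_RE.search(target)
        if bm:  # "hostname [address]"
            address = ipaddress.IPv4Address(bm.group(1))
            hostname = target[: bm.start()].strip() or None
        else:
            try:
                address, hostname = ipaddress.IPv4Address(target), None
            except ValueError:  # e.g. "Request timed out."
                address, hostname = None, target
        hops.append(Hop(int(m.group("hop")), address, hostname, rtts))
    return hops


def flag_suspect_hops(hops: List[Hop], watched=WATCHED_PREFIXES,
                      rtt_slack_ms: int = 30) -> List[Tuple[int, str, str, str]]:
    """Return (hop, address, label, verdict) for hops inside a watched prefix.

    The verdict compares the hop's median RTT with the previous responding hop:
    a detour into a genuinely different network shows a latency step, while an
    address squatted inside the surrounding network leaves the RTT flat.  The
    slack is an assumed tolerance for ordinary jitter."""
    findings = []
    prev_rtt = None
    for hop in hops:
        rtt = hop.median_rtt
        if hop.address is not None:
            for net, label in watched:
                if hop.address not in net:
                    continue
                if rtt is None or prev_rtt is None:
                    verdict = "no RTT to compare"
                elif abs(rtt - prev_rtt) <= rtt_slack_ms:
                    verdict = "RTT flat, consistent with squatted space used internally"
                else:
                    verdict = "RTT shifts, path genuinely leaves the surrounding network"
                findings.append((hop.number, str(hop.address), label, verdict))
        if rtt is not None:
            prev_rtt = rtt
    return findings


if __name__ == "__main__":
    for number, addr, label, verdict in flag_suspect_hops(parse_tracert(SAMPLE_TRACE)):
        print(f"hop {number:>2}  {addr:<10}  {label}: {verdict}")
```

Run as-is it reports hops 22 and 23 as flat-RTT hits, which is Paul's reading of the path. The same check works on your own tracert output with your own prefix list; the RTT comparison is what keeps it from shouting about every unexpected address, since a real hand-off to another network almost always costs measurable latency.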

