Security Incidents mailing list archives

Is my IP Address being spoofed?


From: Matthew Collins <Matthew.Collins () NORTHERNREGISTRARS CO UK>
Date: Tue, 27 Mar 2001 13:29:52 +0100

The following packets are showing up in my IDS logs, but although the source address is part of our IP address range 
(62.254.170.9), it is not currently in use (and never has been in the past). Is someone using my IP address as a source 
address for spoofed packets (i.e., some sort of port scan)? It's the only explanation I can think of.

The destination address (194.102.106.199) is listed under RIPE as a Romanian mobile telephone provider.

The IDS is Snort 1.7.

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-10:22:18.379954 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:7956 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:11252 IpLen:20 DgmLen:40
****PR*F Seq: 0x7D8A966F  Ack: 0x676F2E69  Win: 0xA35  TcpLen: 24
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-10:38:57.840821 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:36628 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:51188 IpLen:20 DgmLen:40
*2U*P*** Seq: 0x1D47586F  Ack: 0x3000D45  Win: 0x6572  TcpLen: 28  UrgPtr: 0x7430
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-10:38:59.889824 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:36628 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:51188 IpLen:20 DgmLen:40
*2U*P*** Seq: 0x1D47586F  Ack: 0x3000D45  Win: 0x6572  TcpLen: 28  UrgPtr: 0x7430
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-11:20:13.659119 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:42772 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:52724 IpLen:20 DgmLen:40
*2U*P**F Seq: 0x6C9F3D6F  Ack: 0x726E7265  Win: 0x7374  TcpLen: 24  UrgPtr: 0x7273
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-11:29:07.882793 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:57108 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:39924 IpLen:20 DgmLen:40
*2U*P*** Seq: 0x7C7D9E6F  Ack: 0x3000D45  Win: 0x6572  TcpLen: 28  UrgPtr: 0x7430
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-11:45:16.769944 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:20244 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:14324 IpLen:20 DgmLen:40
**U*PRSF Seq: 0x1C3A606F  Ack: 0x2F2F2F2F  Win: 0x2F2F  TcpLen: 8  UrgPtr: 0x2F2F
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-11:45:17.958558 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:20244 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:14324 IpLen:20 DgmLen:40
**U*PRSF Seq: 0x1C3A606F  Ack: 0x2F2F2F2F  Win: 0x2F2F  TcpLen: 8  UrgPtr: 0xA2F
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-11:45:54.729861 157.130.241.17 -> 62.254.170.9
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
62.254.170.9:20244 -> 194.102.106.199:13559
TCP TTL:27 TOS:0x0 ID:14324 IpLen:20 DgmLen:40
**U*PRSF Seq: 0x1C3A606F  Ack: 0x2F2F2F2F  Win: 0x2F2F  TcpLen: 8  UrgPtr: 0xA2F
** END OF DUMP
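
Added example, not part of the original post: a triage script for alerts in the layout above that groups ICMP errors quoting packets "from" addresses known to be unused. The function name, the unused-address set and the sample alerts (documentation-range IPs) are assumptions constructed for illustration. It relies only on the ports and Seq of the quoted packet, because a 56-byte ICMP datagram with 20-byte IP headers quotes just 8 bytes of the original TCP header.

```python
import re
from collections import defaultdict

# Constructed alerts in the Snort 1.7 layout above (documentation-range IPs).
TEMPLATE = """[**] ICMP Destination Unreachable (Undefined Code!) [**]
03/27-10:22:18.379954 203.0.113.1 -> {src}
ICMP TTL:242 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
{src}:{sport} -> 198.51.100.199:13559
TCP TTL:27 TOS:0x0 ID:11252 IpLen:20 DgmLen:40
**U*PRSF Seq: {seq}  Ack: 0x2F2F2F2F  Win: 0x2F2F  TcpLen: 8
** END OF DUMP
"""
SAMPLE = "\n".join(TEMPLATE.format(src=s, sport=p, seq=q) for s, p, q in [
    ("192.0.2.9", 7956, "0x7D8A966F"), ("192.0.2.9", 20244, "0x1C3A606F"),
    ("192.0.2.9", 20244, "0x1C3A606F"), ("192.0.2.20", 40000, "0x00000001")])

ALERT = re.compile(
    r"^\S+ (?P<router>[\d.]+) -> (?P<to>[\d.]+)\n"
    r"ICMP .*?IpLen:(?P<oihl>\d+) DgmLen:(?P<olen>\d+)\n"
    r"Type:(?P<type>\d+)\s+Code:(?P<code>\d+).*\n"
    r"\*\* ORIGINAL DATAGRAM DUMP:\n"
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\n"
    r"TCP .*?IpLen:(?P<iihl>\d+).*\n"
    r"\S+ Seq: (?P<seq>0x[0-9A-Fa-f]+)", re.M)

def unsolicited_errors(text, unused_addrs):
    """Summarise ICMP errors quoting packets 'from' addresses never in use."""
    flows = defaultdict(lambda: [0, set()])
    for m in ALERT.finditer(text):
        a = m.groupdict()
        # Original-packet bytes quoted after its IP header:
        # ICMP datagram - outer IP header - 8-byte ICMP header - quoted IP header.
        quoted = int(a["olen"]) - int(a["oihl"]) - 8 - int(a["iihl"])
        if a["type"] != "3" or a["src"] not in unused_addrs or quoted < 8:
            continue
        # 8 quoted bytes cover only the TCP ports and Seq; the flags, Ack and
        # Win the decoder prints lie past the quoted data and are ignored.
        entry = flows[(a["src"], a["dst"], int(a["dport"]))]
        entry[0] += 1
        entry[1].add((int(a["sport"]), a["seq"]))
    return {k: (n, len(pkts)) for k, (n, pkts) in flows.items()}

if __name__ == "__main__":
    for flow, (alerts, packets) in unsolicited_errors(SAMPLE, {"192.0.2.9"}).items():
        print(flow, f"{alerts} alerts, {packets} distinct quoted packets")
```

Each result maps (quoted source, quoted destination, destination port) to the number of alerts and the number of distinct quoted packets, so repeated ICMP errors for the same packet are not counted as separate probes.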
