-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Someone in either CNCGROUP Beijing or Beijing Capital Telecom is using
6.0.0.0 IP address space for their internal IP addressing.

- - ferg

On Mon, Apr 20, 2009 at 2:24 PM, Richard Golodner <[email protected]> wrote:

> I see in my log files that I get probed from 119.161.130.75 on an
> almost hourly basis (make dumb joke here), udp port scans, brute force
> password attempts, nothing too out of the ordinary which is why I ask
> help from the funsec community. Check out this log and tell me what is
> going on here.
>
> Hop 12 is the handoff from Sprint to China net.
>
> Hop 22 is a static route provided by GE with an IP of 3.3.3.2
>
> Hop 23 is DoD Experimental IP space
>
> Hop 24 is the host harassing me.
>
> Why would I see a static route from GE here and then DoD IP space? I am
> just curious as I think this is a strange path to get to the host that
> resides at hop 24.
>
> Please feel free to chime in with any ideas. I have no clue, again.
>
> Thanks, Richard
>
>   1     1 ms     1 ms     1 ms  10.10.10.1
>   2    13 ms    11 ms    10 ms  10.20.0.1
>   3     7 ms     7 ms     7 ms  vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
>   4     9 ms     7 ms     7 ms  tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
>   5    10 ms     7 ms     7 ms  te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
>   6    10 ms    11 ms     7 ms  ae-1-51.edge3.Chicago3.Level3.net [4.68.101.20]
>   7    11 ms     8 ms     7 ms  sl-st20-chi-5-0.sprintlink.net [144.232.19.173]
>   8    10 ms    11 ms    12 ms  sl-crs2-chi-0-12-2-0.sprintlink.net [144.232.19.145]
>   9    31 ms    33 ms    30 ms  sl-crs1-che-0-0-0-0.sprintlink.net [144.232.20.161]
>  10    61 ms    58 ms    59 ms  sl-crs1-stk-0-0-0-1.sprintlink.net [144.232.20.241]
>  11    68 ms    60 ms    75 ms  sl-crs2-sj-0-14-0-0.sprintlink.net [144.232.24.34]
>  12    57 ms    59 ms    59 ms  sl-st20-sj-13-0-0.sprintlink.net [144.232.9.58]
>  13   156 ms   154 ms   154 ms  sl-china1-7-0.sprintlink.net [144.223.242.126]
>  14   337 ms   340 ms   339 ms  202.97.51.189
>  15   352 ms   356 ms   364 ms  202.97.53.37
>  16   340 ms   340 ms   340 ms  220.181.16.126
>  17   357 ms   356 ms   355 ms  220.181.17.106
>  18   354 ms   354 ms   356 ms  220.181.144.33
>  19   348 ms   347 ms   351 ms  220.181.144.18
>  20   349 ms   352 ms   351 ms  218.240.7.107
>  21   349 ms   349 ms   353 ms  219.142.47.74
>  22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
>  23     *      350 ms   352 ms  6.6.6.6
>  24   351 ms   356 ms   353 ms  119.161.130.75
>

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJ7Rjiq1pz9mNUZTMRAu0oAJ4nO95/Ysc8KuMc/oMw0vr7b5wWaQCgn+3+
A09qDUDqq81tpivLOK5MS3k=
=dM/u
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
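An added example, not part of the original thread: a parser for Windows tracert output that flags hops in private space or in the two /8s discussed above, and checks whether each flagged hop's round-trip time stays close to the previous hop's. A flagged hop with no RTT jump is sitting next to its neighbours on the path, which is what internal reuse of someone else's address space looks like. The `WATCH` list and the 20 ms threshold are assumptions chosen for this illustration.

```python
import ipaddress
import re
from statistics import median

# Assumption: the two /8s the thread calls out as unexpected on this path.
WATCH = [ipaddress.ip_network(n) for n in ("3.0.0.0/8", "6.0.0.0/8")]

# Windows tracert row: hop number, three RTT fields ("N ms" or "*"), then host.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")

# Hops 19-24 copied from the tracert output quoted in the thread.
SAMPLE = """\
 19   348 ms   347 ms   351 ms  220.181.144.18
 20   349 ms   352 ms   351 ms  218.240.7.107
 21   349 ms   349 ms   353 ms  219.142.47.74
 22   350 ms   353 ms   349 ms  n003-000-000-000.static.ge.com [3.3.3.2]
 23     *      350 ms   352 ms  6.6.6.6
 24   351 ms   356 ms   353 ms  119.161.130.75
"""

def parse_tracert(text):
    """Return [(hop, ip_address, median RTT in ms or None)] for each answered hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        ip_m = IP_RE.search(m[3]) if m else None
        if not ip_m:  # header, blank line, or "Request timed out."
            continue
        rtts = [int(x) for x in re.findall(r"(\d+) ms", m[2])]
        hops.append((int(m[1]), ipaddress.ip_address(ip_m[1]),
                     median(rtts) if rtts else None))
    return hops

def flag_hops(hops, max_jump_ms=20):
    """Return [(hop, ip, rtt_near_previous_hop)] for private or WATCH-listed hops."""
    findings, prev_rtt = [], None
    for hop, ip, rtt in hops:
        if ip.is_private or any(ip in n for n in WATCH):
            near = (prev_rtt is not None and rtt is not None
                    and abs(rtt - prev_rtt) <= max_jump_ms)
            findings.append((hop, str(ip), near))
        if rtt is not None:
            prev_rtt = rtt
    return findings

if __name__ == "__main__":
    for hop, ip, near in flag_hops(parse_tracert(SAMPLE)):
        print(hop, ip, "RTT matches previous hop" if near else "RTT jump or unknown")
```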
