On Monday, November 25, 2002, at 11:52 PM, Ray Olszewski wrote:
But while those assumptions hold true for Linux traceroute (and even with it, most can be changed via command-line flags), other implementations of traceroute need not follow them. Were I to guess about this traffic, I'd suspect it is from one of those companies that say they "measure" network performance (and sell some service to optimize it). An alternative is some sort of preliminary to a DoS attack (at one packet every 4 seconds, this traffic itself is no DoS), but this seems a remote possibility. Nothing else (besides traceroute) officially uses this port range, but I suppose some P2P service might make use of it in a traceroute-like manner.

BTW, while the source address is neither ping-able nor reverse-resolvable, I can traceroute to it. You might do so to see how many hops from you it is (it is only 17 hops from me).

It's 14 hops from me. As an added note, it's still going; I just checked my firewall stats page (Bering rc4, for what it's worth), and I've got 196 hits from this IP, for what that's worth. Also interesting is that according to ARIN's whois look-up, the block of IPs that this is in apparently belongs to the Dell Computer Corporation -- is this some way of saying "Dude! You're getting a Dell!"?

So yes, it's not a DoS, not even really close, though at 196 hits and counting, it's getting a bit annoying. More than anything else, I'd love to know what on earth it is, since if it's a traceroute, why does it keep repeating every minute or two? No one on my LAN is running any P2P apps (there are only three boxes connected :) ), so I think I can probably rule that out as a possibility -- I'm kind of at a loss. Of course at this point, I'm hoping that I've allocated enough memory for my log files, though I guess I'll find out :)

-arif



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

