Try running a tcpdump on your firewall, then trace it from there backwards.

> -----Original Message-----
> From: Arif Mamdani [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 26, 2002 07:16
> To: Ray Olszewski
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] strange firewall logs
>
> On Monday, November 25, 2002, at 11:52 PM, Ray Olszewski wrote:
> > But while those assumptions hold true for Linux traceroute (and even
> > with it, most can be changed via command-line flags), other
> > implementations of traceroute need not follow them. Were I to guess
> > about this traffic, I'd suspect it is from one of those companies that
> > say they "measure" network performance (and sell some service to
> > optimize it). An alternative is some sort of preliminary to a DoS
> > attack (at one packet every 4 seconds, this traffic itself is no DoS),
> > but this seems a remote possibility. Nothing else (besides traceroute)
> > officially uses this port range, but I suppose some P2P service might
> > make use of it in a traceroute-like manner.
> >
> > BTW, while the source address is neither ping-able nor
> > reverse-resolvable, I can traceroute to it. You might do so to see how
> > many hops from you it is (it is only 17 hops from me).
>
> It's 14 hops from me. As an added note, it's still going, I just
> checked my firewall stats page (Bering rc4 for what it's worth), and
> I've got 196 hits from this IP for what that's worth. Also interesting
> is that according to ARIN's whois look-up, the block of IP that this
> is in apparently belongs to the Dell Computer Corporation -- is this
> some way of saying "Dude! You're getting a Dell!"?
>
> So yes, it's not a DOS, not even really close, though at 196 hits and
> counting, it's getting a bit annoying. More than anything else, I'd
> love to know what on earth it is, since if it's a traceroute, why does
> it keep repeating every minute or two. No one on my LAN is running any
> P2P apps (there's only three boxes connected :) ), so I think I can
> probably rule that out as a possibility -- I'm kind of at a loss. Of
> course at this point, I'm hoping that I've allocated enough memory for
> my log files, though I guess I'll find out :)
>
> -arif
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
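To put numbers on what the thread is guessing at (hit count, spacing between packets, whether the probes look traceroute-like), the firewall log can be summarised per source. This is an added example, not part of the original messages; the log lines are constructed in netfilter LOG style, and the port range 33434-33534 and the "ports step by one" heuristic are assumptions based on classic UDP traceroute defaults.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: classic UDP traceroute probes ports upward from 33434, one per probe.
TRACEROUTE_PORTS = range(33434, 33535)

# Constructed sample in netfilter LOG style (addresses are documentation ranges).
SAMPLE_LOG = """\
Nov 26 07:10:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TTL=1 PROTO=UDP SPT=40001 DPT=33447
Nov 26 07:10:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TTL=1 PROTO=UDP SPT=40001 DPT=33448
Nov 26 07:10:08 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TTL=1 PROTO=UDP SPT=40001 DPT=33449
Nov 26 07:10:12 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TTL=2 PROTO=UDP SPT=40001 DPT=33450
Nov 26 07:10:16 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TTL=2 PROTO=UDP SPT=40001 DPT=33451
Nov 26 07:10:20 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TTL=2 PROTO=UDP SPT=40001 DPT=33452
Nov 26 07:10:21 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 TTL=52 PROTO=UDP SPT=5353 DPT=53
Nov 26 07:10:22 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=4000 DPT=80
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) .*?SRC=(\S+) .*?TTL=(\d+) .*?PROTO=UDP .*?DPT=(\d+)")

def parse(log, year=2002):
    """Yield (timestamp, src, ttl, dport) for every UDP line; syslog omits the year."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3)), int(m.group(4))

def summarize(log):
    """Per source in the traceroute port range: hits, spacing, TTLs, port steps."""
    by_src = defaultdict(list)
    for ts, src, ttl, dport in parse(log):
        if dport in TRACEROUTE_PORTS:
            by_src[src].append((ts, ttl, dport))
    report = {}
    for src, hits in by_src.items():
        hits.sort()  # chronological order
        gaps = sorted(int((b[0] - a[0]).total_seconds()) for a, b in zip(hits, hits[1:]))
        steps = [b[2] - a[2] for a, b in zip(hits, hits[1:])]
        report[src] = {"hits": len(hits),
                       "median_gap_s": gaps[len(gaps) // 2] if gaps else None,
                       "ttls": sorted({h[1] for h in hits}),
                       "ports_step_by_one": bool(steps) and all(s == 1 for s in steps)}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Low arriving TTLs that climb while the destination port steps by one are consistent with traceroute-style probing; a fixed port or a normal TTL points elsewhere.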
