On Tue, Sep 11, 2001 at 06:47:27PM +0800 or thereabouts, Fritz Mesedilla wrote:
> can anyone suggest a good trace program or trace router?
> i received another code red or sircam attempt:
> 
> 210.102.220.95 - - [11/Sep/2001:18:48:20 +0800] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 404 334
> 
> I feel sorry for that host's sysad. They got hit by the virus.
> now there is also someone trying to ping flood us...
> 
> kernel: IP_MASQ:reverse ICMP: failed checksum from 203.167.81.150!
> 
> Our junior sysad was able to trace this to a Drivenet company. It's local.
> Looks like the jerk is on a prepaid card.
> 
> Anyway, I hope you can give me a tracing program. Something that can give
> me an idea who is trying to enter our servers.
> 
all linux distros have "traceroute" included, either by default or as an option.
check your distro to see if you still have to install it.

prepaid card users shouldn't be blamed outright for this icmp thingie.
the problem is with the company selling these prepaid cards.  i for one
get a lot of triggers in my firewall coming from the prepaid network.
their use of mask 255.255.255.255 is one cause of this stupidity.

-- 
"In is out and out is in.  But out is out and in is in."
        -- Pumbaa
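
Added example, not part of either message above: a small log summarizer for the kind of /default.ida request quoted in the question, grouping hits by source address and keeping the response status so a 404 can be told apart from a 200. The sample log, its documentation-range addresses and the function names are constructed for illustration, and the script assumes one unwrapped common-log-format entry per line.

```python
import re

# Apache common log format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# Request for /default.ida whose query is a long run of one filler character
# followed by %uXXXX escapes, the shape of the entry quoted above.
PROBE = re.compile(r'^GET /default\.ida\?(.)\1{63,}(?:%u[0-9a-f]{4})+', re.I)

def find_probes(lines):
    """Return (hits per source address, count of lines that did not parse)."""
    hits, unparsed = {}, 0
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            unparsed += 1
            continue
        host, when, request, status, _size = m.groups()
        if PROBE.match(request):
            hits.setdefault(host, []).append((when, int(status)))
    return hits, unparsed

def report(hits):
    """One line per source, busiest first, with first/last time seen and status codes."""
    out = []
    for host, seen in sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        codes = ",".join(str(c) for c in sorted({s for _, s in seen}))
        out.append(f"{host} hits={len(seen)} first={seen[0][0]} last={seen[-1][0]} status={codes}")
    return out

# Constructed sample log (documentation addresses, not real hosts).
PAD = "X" * 224
ESC = "%u9090%u6858%ucbd3%u7801"
SAMPLE = [
    f'192.0.2.10 - - [11/Sep/2001:18:48:20 +0800] "GET /default.ida?{PAD}{ESC} HTTP/1.0" 404 334',
    '198.51.100.7 - - [11/Sep/2001:18:49:02 +0800] "GET /index.html HTTP/1.0" 200 1024',
    f'192.0.2.10 - - [11/Sep/2001:19:02:11 +0800] "GET /default.ida?{PAD}{ESC} HTTP/1.0" 404 334',
    f'203.0.113.5 - - [11/Sep/2001:19:05:40 +0800] "GET /default.ida?{PAD}{ESC} HTTP/1.0" 200 0',
    '198.51.100.7 - - [11/Sep/2001:19:06:00 +0800] "GET /default.ida?page=2 HTTP/1.0" 404 210',
    'truncated line without a request',
]

if __name__ == "__main__":
    hits, unparsed = find_probes(SAMPLE)
    print("\n".join(report(hits)))
    print(f"unparsed lines: {unparsed}")
```

To run it on a real log, pass the open file object to find_probes() in place of SAMPLE.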
