RE: [plug] ip address trace route

Tue, 11 Sep 2001 04:51:35 -0700 

Hehehe!

Fritz Mesedilla
Systems Administrator

Summit Interactive, Inc.
FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping
femalenetwork.com | candymag.com | fhm.com.ph | cosmo.com.ph

Palm Pilot Software: TVSked - Download from the link below
----------------------------------------------------------------------------
http://mesedilla.tripod.com           +Basta Ikaw Lord
-----Original Message-----
From: Rino Mardo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 7:48 PM
To: PLUG Mailing List
Subject: Re: [plug] ip address trace route


On Tue, Sep 11, 2001 at 06:47:27PM +0800 or thereabouts, Fritz Mesedilla
wrote:
> can anyone suggest a good trace program or trace router?
> i received another code red or sircam attempt:
>
> 210.102.220.95 - - [11/Sep/2001:18:48:20 +0800] "GET
>
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 404 334
>
> kawawa naman sysad nito. tinamaan siya ng virus.
> now there is also someone trying to ping flood us...
>
> kernel: IP_MASQ:reverse ICMP: failed checksum from 203.167.81.150!
>
> Our junior sysad was able to trace this to a Drivenet company. Local siya.
> Mukhang naka-pre-paid card yung mokong.
>
> Anyway, sana mabigyan niyo ako ng tracing program. Something that can give
> me an idea who is trying to enter our servers.
>
all linux have "traceroute" included either by default or optional.
check your distro if you have to install it pa.
prepaid card users shouldn't be blamed outright for this icmp thingie.
the problem is with the company selling this prepaid cards.  i for one
get alot of triggers in my firewall coming from the prepaid network.
their use of mask 255.255.255.255 is one cause of this stupidity.
--
"In is out and out is in.  But out is out and in is in."
        -- Pumbaa

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]

Reply via email to