Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]> writes:

[snip]
>> How many hops away is the supposed source if you traceroute to it and how
>> does that compare to the 17 the above would imply?
>
> How did you work the 17 out?

I assume that the box's OS is setting to the nearest power of two by default and that it's being decremented by one per router en-route as normal. In this case, (- 128 111) is 17 :)

> Here's the traceroute:
>
>  1  x.y.z.1 ([EMAIL PROTECTED] ISP)  25.604 ms  23.43 ms  24.26 ms
> [snip]
> 16  151.99.29.222 (151.99.29.222)  284.126 ms  280.547 ms  287.283 ms
> 17  80.17.211.142 (80.17.211.142)  405.897 ms  287.745 ms  284.2 ms
> 18  151.99.29.100 (151.99.29.100)  284.638 ms  282.311 ms  299.727 ms
> 19  62.211.198.163 (62.211.198.163)  603.76 ms  649.345 ms  653.241 ms

OK. Either we have asymmetric routing or that packet is spoofed from something that's really 17 hops away in order to get your network (hence the broadcast) to attack a box that's really 19 hops away. Or the box is emitting dodgy packets itself (less likely).

~Tim
-- 
<http://spodzone.org.uk/>
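
The comparison made in this message, as an added example that is not part of the original post: it infers the inbound hop count from an observed TTL and checks it against the hop count traceroute reports. The list of initial TTL values and the one-hop tolerance are assumptions, and the traceroute sample is abbreviated from the lines quoted above.

```python
import re

# Assumption: initial TTLs commonly seen in practice. The message assumes
# the sender's default is the nearest power of two above the observed value.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# A traceroute hop line starts with the hop number followed by a host field.
HOP_LINE = re.compile(r"^\s*(\d+)\s+\S+")

def inferred_hops(observed_ttl):
    """Hops travelled, assuming the smallest common initial TTL >= observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

def traceroute_hops(output):
    """Highest hop number in traceroute output; snipped lines are skipped."""
    hops = [int(m.group(1)) for line in output.splitlines()
            if (m := HOP_LINE.match(line))]
    if not hops:
        raise ValueError("no hop lines found")
    return max(hops)

def compare(observed_ttl, traceroute_output, tolerance=1):
    """Compare inbound hops (from TTL) with outbound hops (from traceroute).

    The tolerance (an assumption) absorbs counting differences such as
    where on the path the TTL was captured.
    """
    inbound = inferred_hops(observed_ttl)
    outbound = traceroute_hops(traceroute_output)
    delta = outbound - inbound
    return {"inbound": inbound, "outbound": outbound, "delta": delta,
            "consistent": abs(delta) <= tolerance}

# Sample abbreviated from the traceroute quoted in the message.
SAMPLE_TRACEROUTE = """\
 1  x.y.z.1  25.604 ms  23.43 ms  24.26 ms
[snip]
18  151.99.29.100 (151.99.29.100)  284.638 ms  282.311 ms  299.727 ms
19  62.211.198.163 (62.211.198.163)  603.76 ms  649.345 ms  653.241 ms
"""

if __name__ == "__main__":
    print(compare(111, SAMPLE_TRACEROUTE))
```

A mismatch only says the two paths differ in length; as the message notes, asymmetric routing produces the same result as a spoofed source.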