On Thu, 19 Jul 2001 20:20:47 -0400
Devon <[EMAIL PROTECTED]> wrote:
>
> Anyone have a clue as to why I am seeing these packets in my logs? They
> occur, normally never more than one an hour, several times a day. These
> have been showing up for the past several days.
> The logs don't bother me, it's the fact that I can't figure out what is
> generating the packets in the first place.
> Any clues would be appreciated.
>
> eth0 is my external interface.
>
> Jul 19 09:30:34 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT=
> MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=202.97.33.9
> DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=244 ID=0 PROTO=ICMP
> TYPE=11 CODE=0 [SRC=24.241.42.144 DST=205.216.80.23 LEN=48 TOS=0x00
> PREC=0x00 TTL=1 ID=6662 DF PROTO=TCP SPT=1202 DPT=1244 WINDOW=0
> RES=0x00 URGP=0 ]
<snip>
---------
# whois 24.241.42.144
High Speed Access Corp (NETBLK-HSACORP-2BLK) HSACORP-2BLK
24.240.0.0 - 24.241.191.255
High Speed Access Corp. (NETBLK-HSCA-WORCHEST-3) HSCA-WORCHEST-3
24.241.42.0 - 24.241.42.255
To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.
# whois NETBLK-HSACORP-2BLK
High Speed Access Corp (NETBLK-HSACORP-2BLK) HSACORP-2BLK
24.240.0.0 - 24.241.191.255
NETBLK-HSACORP-2BLK (ZN52-ARIN) [EMAIL PROTECTED] 502-420-7200
------------------
High Speed Access Corp is an ISP situated in Denver, CO. The netblk listed is within
the home.com network so they are probably licensed to use part of the @home cable
network. Type 11 Code 0 ICMP packets are the "time exceeded" packets used in
traceroute. Perhaps somebody is trying to see if your box is alive for some reason.
Jack
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
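
Added example, not part of the original messages: a Python sketch that splits the logged line quoted above into the outer ICMP header and the bracketed header of the packet that the ICMP error quotes, then checks whether the quoted packet's source is the address the error was delivered to. The function names are hypothetical, and the sample is the log entry from the thread joined onto one line.

```python
import re

# Log entry from the thread above, joined onto one line.
SAMPLE = (
    "Jul 19 09:30:34 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT= "
    "MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=202.97.33.9 "
    "DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=244 ID=0 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=24.241.42.144 DST=205.216.80.23 LEN=48 TOS=0x00 "
    "PREC=0x00 TTL=1 ID=6662 DF PROTO=TCP SPT=1202 DPT=1244 WINDOW=0 "
    "RES=0x00 URGP=0 ]"
)

FIELD = re.compile(r"([A-Z]+)=(\S*)")
# ICMP error types that carry the header of the offending packet.
ICMP_ERRORS = {"3": "destination unreachable", "11": "time exceeded",
               "12": "parameter problem"}

def fields(text):
    """Return KEY=value pairs as a dict; bare flags such as DF are skipped."""
    return dict(FIELD.findall(text))

def parse_icmp_error(line):
    """Split a netfilter LOG line into (outer header, quoted inner header)."""
    m = re.search(r"\[(.*?)\]", line)
    if not m:
        return fields(line), {}
    return fields(line[:m.start()]), fields(m.group(1))

def summarize(line):
    """Describe an ICMP error entry, or return None for any other entry."""
    outer, inner = parse_icmp_error(line)
    if outer.get("PROTO") != "ICMP" or outer.get("TYPE") not in ICMP_ERRORS or not inner:
        return None
    return {
        "icmp_error": ICMP_ERRORS[outer["TYPE"]],
        "reported_by": outer["SRC"],
        "delivered_to": outer["DST"],
        "quoted_src": inner["SRC"],
        "quoted_dst": inner["DST"],
        "quoted_proto": inner.get("PROTO"),
        "quoted_ttl": int(inner["TTL"]),
        # ICMP errors are addressed to the source of the packet they quote,
        # so a mismatch here marks an entry worth a closer look.
        "quoted_src_matches_outer_dst": inner["SRC"] == outer["DST"],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:30} {value}")
```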