[techtalk] Traceroutes in logs

Kath ranger at optonline.net
Sat Apr 28 22:45:30 EST 2001


Oh, I almost forgot I need to set off Echelon:

FBI CIA NSA IRS ATF BATF DOD WACO RUBY RIDGE OKC OKLAHOMA CITY MILITIA GUN HANDGUN MILGOV ASSAULT RIFLE TERRORISM BOMB DRUG HORIUCHI KORESH DAVIDIAN KAHL POSSE COMITATUS RANDY WEAVER VICKIE WEAVER SPECIAL FORCES LINDA THOMPSON SPECIAL OPERATIONS GROUP SOG SOF DELTA FORCE CONSTITUTION BILL OF RIGHTS WHITEWATER POM PARK ON METER ARKANSIDE IRAN CONTRAS OLIVER NORTH VINCE FOSTER PROMIS MOSSAD NASA MI5 ONI CID AK47 M16 C4 MALCOLM X REVOLUTION CHEROKEE HILLARY BILL CLINTON GORE GEORGE BUSH WACKENHUT TERRORIST TASK FORCE 160 SPECIAL OPS 12TH GROUP 5TH GROUP SF

- Kath
  ----- Original Message ----- 
  From: Kath 
  To: techtalk at linuxchix.org 
  Sent: Saturday, April 28, 2001 10:32 PM
  Subject: [techtalk] Traceroutes in logs


  Every day, sometimes several times a day, I get a traceroute to my Lotus Notes/Domino NT4 server (ick ick ick.  I didn't set it up).  

  I've included a few log examples.

  Paranoid Me Says:
  Is someone using tracert to check for a host's existence as a precursor to an attack?

  Curious Me Says:
  Is this some kind of internet host check thing to determine uptime/etc?

  Apr 28 20:21:57 hwnet snort: Windows Traceroute: 216.200.119.243 -> 207.127.75.xx

  Apr 28 07:26:36 hwnet snort: Windows Traceroute: 130.217.248.88 -> 207.127.75.xx

  Apr 28 04:45:46 hwnet snort: Windows Traceroute: 216.200.119.243 -> 207.127.75.xx

  Apr 27 21:55:22 hwnet snort: Windows Traceroute: 128.223.220.56 -> 207.127.75.xx

  Apr 27 04:44:24 hwnet snort: Windows Traceroute: 128.223.220.56 -> 207.127.75.xx

  Apr 26 21:34:02 hwnet snort: Windows Traceroute: 216.200.119.243 -> 207.127.75.xx

  Apr 26 02:53:36 hwnet snort: Windows Traceroute: 130.217.248.88 -> 207.127.75.xx

  Further investigation:

  Now an arin.net whois says that 216.200.119.243 is registered to Abovenet, which is based in Cali.  My l33t tracert skills spit out that the machine location looks like somewhere in/near Seattle?  216.200.119.243 resolves to caida.org (specifically lhr.skitter.caida.org) and the caida.org webpage says something about "Tools and analyses promoting the engineering and maintenance of a robust, scalable global Internet infrastructure".  Hmm.  Looks normal there.  Just some weirdos collecting internet info =)

  Next is: 130.217.248.88.  arin.net says 130.217.248.88 belongs to University of Waikato.  A DNS on the IP 130.217.248.88 reveals another caida.org address waikato.skitter.caida.org

  Final one is: 128.223.220.56.  Resolves to uoregon.skitter.caida.org.  

  I guess the moral is, don't get bent out of shape over simple tracerts.  Get even instead!  Freaking government robots after me!  Black helicopters!  Conspiracy!  Roswell!  Oswald was a patsy! ;)


  - Kath the slightly paranoid (Only slightly!)
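
The check the post carries out by hand (whois and reverse DNS on each alert source), as an added example that is not part of the original message: it groups the Snort alert lines by source and labels a source as known only when its PTR name also resolves forward to the same address. The allowlisted suffix and the function names are assumptions for illustration.

```python
import re
import socket
from collections import defaultdict

# Alert lines copied from the post (destination already masked there).
SAMPLE_LOG = """\
Apr 28 20:21:57 hwnet snort: Windows Traceroute: 216.200.119.243 -> 207.127.75.xx
Apr 28 07:26:36 hwnet snort: Windows Traceroute: 130.217.248.88 -> 207.127.75.xx
Apr 28 04:45:46 hwnet snort: Windows Traceroute: 216.200.119.243 -> 207.127.75.xx
Apr 27 21:55:22 hwnet snort: Windows Traceroute: 128.223.220.56 -> 207.127.75.xx
Apr 27 04:44:24 hwnet snort: Windows Traceroute: 128.223.220.56 -> 207.127.75.xx
Apr 26 21:34:02 hwnet snort: Windows Traceroute: 216.200.119.243 -> 207.127.75.xx
Apr 26 02:53:36 hwnet snort: Windows Traceroute: 130.217.248.88 -> 207.127.75.xx
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ snort: (?P<sig>.+?): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\S+)$")

# Assumption: the site has decided this measurement project is expected traffic.
KNOWN_SUFFIXES = (".skitter.caida.org",)

def ptr_lookup(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def triage(log_text, ptr=ptr_lookup, fwd=forward_lookup):
    # A PTR record is set by whoever controls the address block, so a name
    # only counts when it also resolves forward to the same address.
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            hits[m["src"]].append(m["ts"])
    report = {}
    for src, stamps in hits.items():
        name = ptr(src)
        confirmed = bool(name) and src in fwd(name)
        known = confirmed and name.lower().endswith(KNOWN_SUFFIXES)
        report[src] = {"count": len(stamps), "ptr": name,
                       "verdict": "known-measurement" if known else "review"}
    return report
```

Sources that come back as `review` are the ones worth a whois lookup and a look at what else they sent.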

