On Wed, 21 Feb 2001, Mark Lo wrote:

> Hi all,
>
>      From my log files, I got the following messages.  I know the IP
> addresses below come from the same network as mine, and I have checked the
> IP addresses (203.194.161.2 and 203.194.161.3) with my ISP.  They told me
> that 203.194.161.2 and 203.194.161.3 are routers, and they have confirmed
> that they didn't send me such packets.  As a result, they may be spoofed
> packets.  So, how can I stop people sending me those packets, or how can I
> find out the source (where the packets come from)?  I got tons of this
> garbage in my log files.  It's filling up my disk space.
>
>
> Feb 20 07:26:08 dns1 kernel: Packet log: input DENY eth0 PROTO=17
> 203.194.161.2:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)


Spoofed?  Maybe...  Then again, more often than not, I find that the ISP
staff is usually either clueless (does happen sometimes), or just doesn't
want you to know that they screwed up (more often than not), or just doesn't
care and wants to get you off the phone, so they say, "Hey, it's not us!"

According to www.arin.net/whois:

Asia Pacific Network Information Center (APNIC2)
        These addresses have been further assigned to Asia-Pacific users.
        Contact information can be found in the APNIC database,
        at WHOIS.APNIC.NET or http://www.apnic.net/
        Please do not send spam complaints to APNIC.

        Netname: APNIC-CIDR-BLK
        Netblock: 202.0.0.0 - 203.255.255.255
        Maintainer: AP

        Coordinator:
           Administrator, System  (SA90-ARIN)  [EMAIL PROTECTED]
           +61-7-3367-0490

        Domain System inverse mapping provided by:

        SVC00.APNIC.NET              202.12.28.131
        NS.APNIC.NET                 203.37.255.97
        NS.TELSTRA.NET               203.50.0.137
        NS.RIPE.NET                  193.0.0.193

        Regional Internet Registry for the Asia-Pacific Region.

        *** Use whois -h whois.apnic.net                      ***
        *** or see http://www.apnic.net/db/ for database assistance   ***


        Record last updated on 18-Jun-1999.
        Database last updated on 21-Feb-2001 07:13:10 EDT.

According to APNIC:

Search results for '203.194.161.2'

       inetnum              203.194.128.0 - 203.194.191.255
       netname              IADVANTAGE
       descr                iAdvantage Limited
       country              HK
       admin-c              ATWY1-AP, inverse
       tech-c               BL26-AP, inverse
       tech-c               HM55-AP, inverse
       mnt-by               APNIC-HM, inverse
       mnt-lower            MAINT-HK-IS, inverse
       changed              [EMAIL PROTECTED] 20001018
       source               APNIC


       person               Alex Tam Wing Yiu, inverse
       address              iAdvantage Ltd.
       address              36/F Standard Chartered Tower II
       address              Millennium City, 388 Kwun Tong Road
       address              Kwun Tong, Hong Kong
       phone                +852-22088328
       fax-no               +852-22672237
       country              HK
       e-mail               [EMAIL PROTECTED], inverse
       nic-hdl              ATWY1-AP, inverse
       mnt-by               MAINT-NULL, inverse
       changed              [EMAIL PROTECTED] 19991116
       source               APNIC


       person               Ben Li, inverse
       address              36/F, Standard Chartered Tower
       address              Millennium City, 388 Kwun Tong Road
       address              Kwun Tong, Hong Kong
       phone                +852-22088320
       fax-no               +852-22672237
       country              HK
       e-mail               [EMAIL PROTECTED], inverse
       nic-hdl              BL26-AP, inverse
       mnt-by               MAINT-HK-IS, inverse
       changed              [EMAIL PROTECTED] 19991116
       source               APNIC


       person               iAdvantage hostmaster, inverse
       address              iAdvantage Limited
       address              36/F, Standard Chartered Tower,
       address              Millennium City, 388 Kwun Tong Road
       phone                +852-22088338
       fax-no               +852-22672237
       country              HK
       e-mail               [EMAIL PROTECTED], inverse
       nic-hdl              HM55-AP, inverse
       mnt-by               MAINT-HK-IS, inverse
       changed              [EMAIL PROTECTED] 20000121
       source               APNIC

So, who knows?  Can you stop them from sending packets?  Probably not.
Can you do anything?  Probably; your firewall is doing its job if those
packets are getting dumped...

Also, go to securityfocus.com and subscribe to the incidents list and see
what the people there have to say.  They do a lot with odd packets,
scanning, etc., as well as forensics when tracing odd activity.





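An added example, not part of either message in the thread: a parser for the ipchains "Packet log:" format quoted above that groups entries by flow and matching rule, so the source of the log volume is visible at a glance. The first sample line is the entry from the thread (UDP 1985 is the IANA-registered HSRP port and 224.0.0.2 the all-routers group); the other lines, the field names and the `same_segment` flag are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Feb 20 07:26:08 dns1 kernel: Packet log: input DENY eth0 PROTO=17 203.194.161.2:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:09 dns1 kernel: Packet log: input DENY eth0 PROTO=17 203.194.161.3:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:11 dns1 kernel: Packet log: input DENY eth0 PROTO=17 203.194.161.2:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:12 dns1 kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4021 198.51.100.5:23 L=60 S=0x00 I=5121 F=0x4000 T=52 SYN (#12)
Feb 20 07:26:13 dns1 sshd[411]: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \S+)*? \(#(?P<rule>\d+)\)"
)
# 224.0.0.0/24 is the local network control block: routers do not forward it,
# so a packet addressed there normally originates on the receiver's own segment.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")

def parse(line):
    """Return the fields of one ipchains log line as a dict, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Group logged packets by flow and rule, busiest first."""
    flows = Counter()
    for rec in filter(None, map(parse, text.splitlines())):
        flows[(rec["rule"], rec["proto"], rec["src"], rec["dst"], rec["dport"])] += 1
    return [
        {"rule": rule, "proto": proto, "src": src, "dst": dst, "dport": dport,
         "count": n, "same_segment": ipaddress.ip_address(dst) in LOCAL_CONTROL}
        for (rule, proto, src, dst, dport), n in flows.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

`same_segment` describes where the frame originated, not who sent it: a neighbour on the same link can still forge the source IP, so compare the source MAC (`tcpdump -e`) with the routers' known addresses. The number in `(#41)` is the rule that matched, which is the rule to review if its logging is what fills the disk.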