On Sun, Dec 31, 2000 at 02:30:25PM -0600, Richard Cobbe wrote:
> Either way, it's still a private IP address range. NOBODY should let
> packets with one of these addresses, either as source or destination, cross
> a network boundary. If the ISP is getting this traffic from its upstrea
> provider,
Looks like HP OpenView or some other network management tool with
auto-discovery turned on is wasting bandwidth on your corporate network.
(And I say that because...)
161 is SNMP's port number.
It's happening at regular intervals.
172.16.0.0/20 is private address space reserved IP's.
And...
I'v
On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote:
> Uh oh. And you're still getting these log messages? That's probably not
> good. It's possible that lsof could slip through the cracks, so to speak,
> but it's pretty unlikely.
>
> > Just yesterday I got another machine connected t
On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote:
> Lo, on Sunday, December 31, JD Kitch did write:
>
> > > Now, find out *who's* sending this traffic. Make sure you've got the
> > > lsof-2.2 package installed. As root, run
> > >
> > > lsof | grep 61662 | grep -i udp
> >
> > I do
On Tue, Jan 02, 2001 at 02:09:20AM -0600, will trillich wrote:
> i've got something quite similar to this, but mine's on INPUT--
>
> Jan 2 01:18:48 server kernel: Packet log: input DENY eth0 PROTO=1
> 172.156.51.114:10 224.0.0.2:0 L=28 S=0x00 I=8964 F=0x T=128 (#9)
> Jan 2 01:18:51 server k
On Sun, Dec 31, 2000 at 05:25:54PM -0600, Richard Cobbe wrote:
> JD Kitch <[EMAIL PROTECTED]> wrote:
> > Can anyone tell me what this person is looking for here, and how I
> > can find out where this is coming from?
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 31 11:06:47 tower kern
Lo, on Sunday, December 31, JD Kitch did write:
> > Now, find out *who's* sending this traffic. Make sure you've got the
> > lsof-2.2 package installed. As root, run
> >
> > lsof | grep 61662 | grep -i udp
>
> I do have that package, but this command turned up no output.
Uh oh. And you're st
On Sun, Dec 31, 2000 at 06:20:50PM -0700, John Galt wrote:
> You are forbidden from posting for the rest of the millenium. Since it's
> 6pm MST on the eve of the millennium, this shouldn't be too hard :)
Punishment accepted.
See youse all next year!
--
Bob Bernstein
at
Esmond, Rhode Island,
You are forbidden from posting for the rest of the millenium. Since it's
6pm MST on the eve of the millennium, this shouldn't be too hard :)
On Sun, 31 Dec 2000, Bob Bernstein wrote:
> *** Retraction ***
>
> On Sun, Dec 31, 2000 at 03:36:13PM -0500, Bob Bernstein wrote:
>
> > What I gather i
On Sun, 31 Dec 2000 17:17:46 -0700, JD Kitch said:
> > Now, find out *who's* sending this traffic. Make sure you've got the
> > lsof-2.2 package installed. As root, run
> >
> > lsof | grep 61662 | grep -i udp
>
> I do have that package, but this command turned up no output.
You did thi
On Sun, Dec 31, 2000 at 04:18:30PM -0600, Richard Cobbe wrote:
> JD Kitch <[EMAIL PROTECTED]> wrote:
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127
JD Kitch <[EMAIL PROTECTED]> wrote:
> Can anyone tell me what this person is looking for here, and how I
> can find out where this is coming from?
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.
On Sun, Dec 31, 2000 at 03:36:13PM -0500, Bob Bernstein wrote:
> On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
>
> > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127
> > (#43)
>
> I don'
*** Retraction ***
On Sun, Dec 31, 2000 at 03:36:13PM -0500, Bob Bernstein wrote:
> What I gather is that this could be a student at isi.edu, which is
> apparently part of the Univ. of California,
File this message under: Big Dummy Posts We Wish We Never Made
It's all brain-dead nonsense, based
on Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch ([EMAIL PROTECTED]) wrote:
> Can anyone tell me what this person is looking for here, and how I
> can find out where this is coming from?
traceroute
--
Karsten M. Self http://kmself.home.netcom.com/
Evangelist, Zelerate, Inc.
On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43)
I don't know what tool generated this log entry. This is a situation where a
good IDS
Lo, on Sunday, December 31, Pollywog did write:
>
> On Sun, 31 Dec 2000 13:55:26 -0600 (CST), Richard Cobbe said:
>
> >
> > Did you change your IP address in the above report? IIRC, 172.16.*.* is
> > a block of private addresses. Packets to this address should be dropped
> > automatically b
Lo, on Sunday, December 31, ktb did write:
> On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=
On Sun, 31 Dec 2000 13:55:26 -0600 (CST), Richard Cobbe said:
>
> Did you change your IP address in the above report? IIRC, 172.16.*.* is
> a block of private addresses. Packets to this address should be dropped
> automatically by an upstream router. My guess, therefore, is that these
> tr
On Sun, 31 Dec 2000 13:34:02 -0600, ktb said:
> On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> > Can anyone tell me what this person is looking for here, and how I
> > can find out where this is coming from?
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 31 11:06:
On Sun, 31 Dec 2000 12:16:59 MST, JD Kitch writes:
>Can anyone tell me what this person is looking for here, and how I
>can find out where this is coming from?
port 161 is snmp, so it looks like someone“s trying to get information
about your machine (or something at your ISP or the like is
mis
Lo, on Sunday, December 31, JD Kitch did write:
> Can anyone tell me what this person is looking for here, and how I
> can find out where this is coming from?
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xxx.xx:6166
whois 172.16.72.113
IANA (IANA-BBLK-RESERVED)
Internet Assigned Numbers Authority
Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
Netname: IANA-BBLK-RESERVED
Netblock: 172.16.0.0 - 172.31.0.0
from wh
On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
> Can anyone tell me what this person is looking for here, and how I
> can find out where this is coming from?
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
> xx.xx.xx
Can anyone tell me what this person is looking for here, and how I
can find out where this is coming from?
Security Violations
=-=-=-=-=-=-=-=-=-=
Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17
xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43)
De
25 matches
Mail list logo