Port Scan
David Gibson
david at gibson.dropbear.id.au
Fri Oct 12 06:19:20 EST 2001
On Fri, Oct 12, 2001 at 12:25:48AM +1000, Rasjid wrote:
> Having installed Smoothwall recently, I've been curious to see just how
> much scanning I am subject to. It seems that I had a scan from
> 61.183.133.14
>
> What interested me was the traceroute:
>
> traceroute to 61.183.133.14 (61.183.133.14), 30 hops max, 38 byte
> packets
> 1 <me>
> <snip>
> 5 GigabitEthernet0-0-0.civ-core2.Canberra.telstra.net (203.50.10.129)
> 99.589 ms 98.745 ms 109.615
> ms
> <snip>
> 10 GigabitEthernet4-0.wel-gw1.Perth.telstra.net (203.50.113.18)
> 159.559 ms 148.766 ms 149.717 ms
> 11 wel-hkt.HongKong.net.reach.com (203.50.126.70) 239.605 ms 248.786
> ms 249.513 ms
> <snip>
> 17 p-2-1-r1-a-hbwh-1.cn.net (202.97.40.50) 519.347 ms 508.721 ms
> 519.378 ms
> 18 202.103.28.1 (202.103.28.1) 519.378 ms 508.843 ms 509.351 ms
> 19 202.110.130.2 (202.110.130.2) 509.443 ms 518.754 ms 509.495 ms
> 20 192.168.17.1 (192.168.17.1) 539.499 ms 475.948 ms 479.551 ms
> 21 61.183.133.14 (61.183.133.14) 1248.956 ms 588.728 ms 589.466 ms
>
> Hop 20: I didn't think that 192.168.17.1 was a routable address, or have
> I misunderstood something? Or is this a case of IP spoofing in the act?
More likely an ISP that's using the private address for a hop inside
their network and haven't configured their routers properly to hide it
from the outside world.
--
David Gibson | For every complex problem there is a
david at gibson.dropbear.id.au | solution which is simple, neat and
| wrong. -- H.L. Mencken
http://www.ozlabs.org/people/dgibson
More information about the linux
mailing list