[funsec] Interesting routes, info appreciated....
mouse at Rodents-Montreal.ORG
Mon Apr 20 22:21:44 CDT 2009

> I see in my log files that I get probed from 126.96.36.199 on an
> almost hourly basis (make dumb joke here), udp port scans, brute
> force password attempts, nothing too out of the ordinary which is why
> I ask help from the funsec community.

Sounds like a good candidate for border router blocking. But that
wasn't what you were asking....

> Check out this log and tell me what is going on here.
> Hop 12 is the handoff from Sprint to China net.

Everything past this point is of questionable reliability, at best.

> Hop 22 is a static route provided by GE with an IP of 188.8.131.52
> Hop 23 is DoD Experimental IP space
> Hop 24 is the host harassing me.
> Why would I see a static route from GE here and then DoD IP space? I
> am just curious as I think this is a strange path to get to the host
> that resides at hop 24.

Because someone in Chinanet is (ab)using 3/8 and 6/8 as if they were
RFC1918 space, would be my guess. Back when I was still bothering to
actively fight network abuse, Chinanet was one of the worst offenders,
one of the first I blanket-blocked.

If the net were run by people who cared more about having a
well-functioning net than something else (lining their own pockets
would be my guess, but I don't actually know), Chinanet would long ago
have been kicked off the net (or at least threatened with it; if the
threat of penalties were credible, it might work).

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse at rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
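
Added example, not part of the original post: a small Python check that flags traceroute hops whose addresses fall in RFC 1918 space or in the 3/8 and 6/8 blocks the reply mentions, which is the pattern to look for when a path stops making sense past a provider handoff. The sample trace is constructed (it is not the poster's log), and the function names are this example's own.

```python
import ipaddress
import re

# RFC 1918 private ranges, plus the two /8s named in the post (GE's 3/8 and
# DoD's 6/8, as described there in 2009). Adjust the list for current allocations.
INTERNAL_USE = {
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "3/8 (GE per the post)": ["3.0.0.0/8"],
    "6/8 (DoD per the post)": ["6.0.0.0/8"],
}
NETS = [(ipaddress.ip_network(p), label)
        for label, prefixes in INTERNAL_USE.items() for p in prefixes]

# Matches "N  a.b.c.d ..." and "N  hostname (a.b.c.d) ..." hop lines.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\()?(\d{1,3}(?:\.\d{1,3}){3})\)?")

def classify(addr):
    """Return the label of the range containing addr, or None if ordinary."""
    ip = ipaddress.ip_address(addr)
    for net, label in NETS:
        if ip in net:
            return label
    return None

def suspect_hops(traceroute_text):
    """Parse traceroute output; return [(hop, addr, label)] for flagged hops."""
    flagged = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, or a '* * *' timeout hop
        hop, addr = int(m.group(1)), m.group(2)
        label = classify(addr)
        if label:
            flagged.append((hop, addr, label))
    return flagged

# Constructed sample trace: documentation addresses for the ordinary hops,
# made-up addresses inside 3/8 and 6/8 for the odd ones.
SAMPLE = """\
traceroute to 198.51.100.77 (198.51.100.77), 30 hops max
11  192.0.2.1  40.1 ms
12  192.0.2.129  210.5 ms
13  * * *
22  3.7.7.7  301.2 ms
23  6.1.2.3  305.9 ms
24  198.51.100.77  310.0 ms
"""

if __name__ == "__main__":
    for hop, addr, label in suspect_hops(SAMPLE):
        print(f"hop {hop}: {addr} is in {label}")
```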