Re: Is this a traceroute?

From: Blake Frantz (blakeat_private)
Date: Thu Jul 26 2001 - 09:31:12 PDT

    Looks like it to me.
    
    <man traceroute>
    
    "The only mandatory parameter is the destination host name or IP number.
    The default probe datagram length is 40 bytes, but this may be increased
    by specifying a packet length (in bytes) after the destination host name.
    ...
    
     -p     Set  the  base UDP port number used in probes (default is 33434).
    Traceroute hopes .... "
    </man traceroute>
    
    Notice the Length of 40 and the destination port ~ 33400 + <probe number>
    
    Hope this helps.
    
    -Blake
    
    ================================================================= 
    The Government, like diapers, should be replaced regularly, and
    often for the same reasons. 
    
    On Wed, 25 Jul 2001, Ford Prefect wrote:
    
    > I'm not worried about this scan, simply because I'm confident in my
    > firewall (namely 'cause almost everything's closed off, and what isn't I
    > keep up with on exploits and such), but I usually raise an eyebrow when
    > there's more than a packet or two.  Before I fire off a letter to some
    > ISP, however, is this "scan" a traceroute that failed because of the
    > firewall?  I wouldn't consider myself strong enough with packet
    > fingerprinting to just look at it and know, so I want to ask here before
    > I make an ass of myself to another admin *grin*
    > 
    > (IP addresses filtered out)
    > 
    > Jul 20 18:38:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33507 L=40 S=0x00 I=53411 F=0x0000 T=1 (#65)
    > Jul 20 18:38:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33508 L=40 S=0x00 I=53412 F=0x0000 T=1 (#65)
    > Jul 20 18:38:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33509 L=40 S=0x00 I=53413 F=0x0000 T=1 (#65)
    > Jul 20 18:38:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33510 L=40 S=0x00 I=53414 F=0x0000 T=2 (#65)
    > Jul 20 18:38:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33511 L=40 S=0x00 I=53415 F=0x0000 T=2 (#65)
    > Jul 20 18:38:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33512 L=40 S=0x00 I=53416 F=0x0000 T=2 (#65)
    > Jul 20 18:38:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33513 L=40 S=0x00 I=53417 F=0x0000 T=3 (#65)
    > Jul 20 18:38:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33514 L=40 S=0x00 I=53418 F=0x0000 T=3 (#65)
    > Jul 20 18:38:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33515 L=40 S=0x00 I=53419 F=0x0000 T=3 (#65)
    > Jul 20 18:38:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33516 L=40 S=0x00 I=53420 F=0x0000 T=4 (#65)
    > Jul 20 18:39:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33517 L=40 S=0x00 I=53421 F=0x0000 T=4 (#65)
    > Jul 20 18:39:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33518 L=40 S=0x00 I=53422 F=0x0000 T=4 (#65)
    > Jul 20 18:39:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33519 L=40 S=0x00 I=53423 F=0x0000 T=5 (#65)
    > Jul 20 18:39:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33520 L=40 S=0x00 I=53424 F=0x0000 T=5 (#65)
    > Jul 20 18:39:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33521 L=40 S=0x00 I=53425 F=0x0000 T=5 (#65)
    > Jul 20 18:39:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33522 L=40 S=0x00 I=53426 F=0x0000 T=6 (#65)
    > Jul 20 18:39:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33523 L=40 S=0x00 I=53427 F=0x0000 T=6 (#65)
    > Jul 20 18:39:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33524 L=40 S=0x00 I=53428 F=0x0000 T=6 (#65)
    > Jul 20 18:39:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33525 L=40 S=0x00 I=53429 F=0x0000 T=7 (#65)
    > Jul 20 18:39:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33526 L=40 S=0x00 I=53430 F=0x0000 T=7 (#65)
    > Jul 20 18:39:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33527 L=40 S=0x00 I=53431 F=0x0000 T=7 (#65)
    > Jul 20 18:39:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33528 L=40 S=0x00 I=53432 F=0x0000 T=8 (#65)
    > Jul 20 18:40:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33529 L=40 S=0x00 I=53433 F=0x0000 T=8 (#65)
    > Jul 20 18:40:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33530 L=40 S=0x00 I=53434 F=0x0000 T=8 (#65)
    > Jul 20 18:40:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33531 L=40 S=0x00 I=53435 F=0x0000 T=9 (#65)
    > Jul 20 18:40:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33532 L=40 S=0x00 I=53436 F=0x0000 T=9 (#65)
    > Jul 20 18:40:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33533 L=40 S=0x00 I=53437 F=0x0000 T=9 (#65)
    > Jul 20 18:40:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33534 L=40 S=0x00 I=53438 F=0x0000 T=10 (#65)
    > Jul 20 18:40:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33535 L=40 S=0x00 I=53439 F=0x0000 T=10 (#65)
    > Jul 20 18:40:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33536 L=40 S=0x00 I=53440 F=0x0000 T=10 (#65)
    > Jul 20 18:40:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33537 L=40 S=0x00 I=53441 F=0x0000 T=11 (#65)
    > Jul 20 18:40:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33538 L=40 S=0x00 I=53442 F=0x0000 T=11 (#65)
    > Jul 20 18:40:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33539 L=40 S=0x00 I=53443 F=0x0000 T=11 (#65)
    > Jul 20 18:40:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33540 L=40 S=0x00 I=53444 F=0x0000 T=12 (#65)
    > Jul 20 18:41:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33541 L=40 S=0x00 I=53445 F=0x0000 T=12 (#65)
    > Jul 20 18:41:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33542 L=40 S=0x00 I=53446 F=0x0000 T=12 (#65)
    > Jul 20 18:41:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33545 L=40 S=0x00 I=53449 F=0x0000 T=13 (#65)
    > Jul 20 18:41:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33546 L=40 S=0x00 I=53450 F=0x0000 T=14 (#65)
    > Jul 20 18:41:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33547 L=40 S=0x00 I=53451 F=0x0000 T=14 (#65)
    > Jul 20 18:41:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33548 L=40 S=0x00 I=53452 F=0x0000 T=14 (#65)
    > Jul 20 18:41:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33549 L=40 S=0x00 I=53453 F=0x0000 T=15 (#65)
    > Jul 20 18:41:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33550 L=40 S=0x00 I=53454 F=0x0000 T=15 (#65)
    > Jul 20 18:41:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33551 L=40 S=0x00 I=53455 F=0x0000 T=15 (#65)
    > Jul 20 18:41:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33552 L=40 S=0x00 I=53456 F=0x0000 T=16 (#65)
    > Jul 20 18:42:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33553 L=40 S=0x00 I=53457 F=0x0000 T=16 (#65)
    > Jul 20 18:42:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33554 L=40 S=0x00 I=53458 F=0x0000 T=16 (#65)
    > Jul 20 18:42:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33555 L=40 S=0x00 I=53459 F=0x0000 T=17 (#65)
    > Jul 20 18:42:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33556 L=40 S=0x00 I=53460 F=0x0000 T=17 (#65)
    > Jul 20 18:42:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33557 L=40 S=0x00 I=53461 F=0x0000 T=17 (#65)
    > Jul 20 18:42:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33558 L=40 S=0x00 I=53462 F=0x0000 T=18 (#65)
    > Jul 20 18:42:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33559 L=40 S=0x00 I=53463 F=0x0000 T=18 (#65)
    > Jul 20 18:42:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33560 L=40 S=0x00 I=53464 F=0x0000 T=18 (#65)
    > Jul 20 18:42:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33561 L=40 S=0x00 I=53465 F=0x0000 T=19 (#65)
    > Jul 20 18:42:46 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33562 L=40 S=0x00 I=53466 F=0x0000 T=19 (#65)
    > Jul 20 18:42:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33563 L=40 S=0x00 I=53467 F=0x0000 T=19 (#65)
    > Jul 20 18:42:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33564 L=40 S=0x00 I=53468 F=0x0000 T=20 (#65)
    > Jul 20 18:43:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33565 L=40 S=0x00 I=53469 F=0x0000 T=20 (#65)
    > Jul 20 18:43:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33566 L=40 S=0x00 I=53470 F=0x0000 T=20 (#65)
    > Jul 20 18:43:11 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33567 L=40 S=0x00 I=53471 F=0x0000 T=21 (#65)
    > Jul 20 18:43:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33568 L=40 S=0x00 I=53472 F=0x0000 T=21 (#65)
    > Jul 20 18:43:21 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33569 L=40 S=0x00 I=53473 F=0x0000 T=21 (#65)
    > Jul 20 18:43:26 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33570 L=40 S=0x00 I=53474 F=0x0000 T=22 (#65)
    > Jul 20 18:43:31 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33571 L=40 S=0x00 I=53475 F=0x0000 T=22 (#65)
    > Jul 20 18:43:36 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33572 L=40 S=0x00 I=53476 F=0x0000 T=22 (#65)
    > Jul 20 18:43:41 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33573 L=40 S=0x00 I=53477 F=0x0000 T=23 (#65)
    > Jul 20 18:43:46 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33574 L=40 S=0x00 I=53478 F=0x0000 T=23 (#65)
    > Jul 20 18:43:51 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33575 L=40 S=0x00 I=53479 F=0x0000 T=23 (#65)
    > 
    > 
    > 
    > -- 
    > Steve Huston - New Jersey, USA        |        ICBM: 39.458278 -74.65117
    > "Listen, your friends have been broken, they tell us of your poison; now
    >  we know.  Kill them, give them as they give us.  Slay them, burn their
    >  children's laughter - On To Hell."  -- Yes, "The Gates of Delirium"
    > 
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
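
The fingerprint discussed in this thread (UDP, L=40, one source port, destination ports climbing from the 33434 base, T= rising in steps) can be checked mechanically. The following is an added example, not part of the original messages: the sample lines are constructed, and it assumes three probes per TTL step with probe n sent to port 33434+n.

```python
import re

# Constructed sample in the ipchains "Packet log" format quoted in the thread.
# Addresses are documentation ranges; the probe to port 33513 is missing on purpose.
SAMPLE = """\
Jul 20 18:38:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33507 L=40 S=0x00 I=53411 F=0x0000 T=1 (#65)
Jul 20 18:38:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33508 L=40 S=0x00 I=53412 F=0x0000 T=1 (#65)
Jul 20 18:38:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33509 L=40 S=0x00 I=53413 F=0x0000 T=1 (#65)
Jul 20 18:38:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33510 L=40 S=0x00 I=53414 F=0x0000 T=2 (#65)
Jul 20 18:38:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33511 L=40 S=0x00 I=53415 F=0x0000 T=2 (#65)
Jul 20 18:38:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33512 L=40 S=0x00 I=53416 F=0x0000 T=2 (#65)
Jul 20 18:38:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.7:53338 198.51.100.9:33514 L=40 S=0x00 I=53418 F=0x0000 T=3 (#65)
"""

FIELDS = re.compile(
    r"Packet log: \S+ (?P<action>\S+) \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=(?P<ipid>\d+) F=\S+ T=(?P<ttl>\d+)")

def parse(text):
    """Return one dict per matching log line; numeric fields become ints."""
    return [{k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}
            for m in FIELDS.finditer(text)]

def classify(pkts, base=33434, per_hop=3):
    """Check the UDP-traceroute fingerprint; base and per_hop are assumed defaults."""
    if len(pkts) < per_hop:
        return {"traceroute": False, "routers_crossed": None}
    one_flow = len({(p["src"], p["sport"], p["dst"]) for p in pkts}) == 1
    udp = all(p["proto"] == 17 and p["dport"] > base for p in pkts)
    pairs = list(zip(pkts, pkts[1:]))
    ports_up = all(b["dport"] > a["dport"] for a, b in pairs)
    ttl_up = all(b["ttl"] >= a["ttl"] for a, b in pairs)
    # Assumption: probe n goes to port base+n, per_hop probes per TTL step, so the
    # TTL the sender set is recoverable from the port. Subtracting the logged T=
    # gives the routers crossed, which must be the same for every probe.
    dist = {(p["dport"] - base - 1) // per_hop + 1 - p["ttl"] for p in pkts}
    ok = one_flow and udp and ports_up and ttl_up and len(dist) == 1
    return {"traceroute": ok, "routers_crossed": dist.pop() if ok else None}

if __name__ == "__main__":
    print(classify(parse(SAMPLE)))
```

A port sweep that happens to touch the same range fails the last check, because its arrival TTL does not track the destination port. A dropped log line does not, since each probe is tested on its own port and TTL.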
    


