North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tracing where it started

  • From: Daniel Senie
  • Date: Sat Jan 25 22:07:49 2003

At 05:52 PM 1/25/2003, you wrote:


Our first (this is EST):

Jan 25 00:29:44 external.firewall1.oct.nac.net firewalld[109]: deny in
eth0 404 udp 20 114 61.103.121.140 66.246.x.x 3546 14
34 (default)

61.103.121.140 = a host somewhere on GBLX
Our first ones came from:

1. L(3) space, swip'd out to an outfit in Florida
2. Sprint space, swip'd out to an outfit in Indiana
3. repeat of #1
4. Korea
5. Korea

All times are EST and UTC, and locked to a stratum 1 time source. Any researcher who needs the full logs need only ask. Our firewalling didn't permit any of this in.

Jan 25 00:29:42 gatei46 214: Jan 25 05:29:41 UTC: %SEC-6-IPACCESSLOGP: list 101 denied udp 63.209.100.22(1253) -> 208.254.46.93(1434), 1 packet
Jan 25 00:29:49 gatei46 215: Jan 25 05:29:48 UTC: %SEC-6-IPACCESSLOGP: list 101 denied udp 208.14.240.150(4315) -> 208.254.46.3(1434), 1 packet
Jan 25 00:29:52 gatei46 216: Jan 25 05:29:51 UTC: %SEC-6-IPACCESSLOGP: list 101 denied udp 63.209.100.22(1253) -> 208.254.46.150(1434), 1 packet
Jan 25 00:30:01 gatei46 217: Jan 25 05:30:00 UTC: %SEC-6-IPACCESSLOGP: list 101 denied udp 218.234.13.22(4762) -> 208.254.46.62(1434), 1 packet
Jan 25 00:30:03 gatei46 218: Jan 25 05:30:02 UTC: %SEC-6-IPACCESSLOGP: list 101 denied udp 211.172.232.82(3830) -> 208.254.47.188(1434), 1 packet