Incident 02-18-02 18:48pm

Some ICMP weirdnesses?

Let's see..


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

First, we get two icmp 3:3's -- which is icmp type 3, destination unreachable; code 3, port unreachable.

Feb 18 23:51:00 greatwall kernel: Packet log: input ACCEPT ppp0 PROTO=1 216.157.55.51:3
+12.82.133.142:3 L=56 S=0x00 I=48558 F=0x0000 T=242 (#54)

Feb 18 23:51:08 greatwall kernel: Packet log: input ACCEPT ppp0 PROTO=1 216.157.55.51:3
+12.82.133.142:3 L=56 S=0x00 I=49059 F=0x0000 T=242 (#54)

OK. If these are legitimate icmp port unreachables, we should have sent something out in the first place.

What packets did snort catch either going out to, or coming in from the IP address 216.157.55.51?


[toot@sparky /storage/snort/old_snorts/021802]# snort182view snort-0218@2333.log host 216.157.55.51

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
02/18-23:50:56.471427 12.82.133.142:1029 -> 216.157.55.51:53
UDP TTL:64 TOS:0x0 ID:15726 IpLen:20 DgmLen:57
Len: 37
64 EF 00 00 00 01 00 00 00 00 00 00 03 77 77 77  d............www
03 65 74 6D 03 6F 72 67 00 00 01 00 01           .etm.org..... 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
02/18-23:51:00.074337 216.157.55.51 -> 12.82.133.142
ICMP TTL:242 TOS:0x0 ID:48558 IpLen:20 DgmLen:56
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
12.82.133.142:1029 -> 216.157.55.51:53
UDP TTL:51 TOS:0x0 ID:15726 IpLen:20 DgmLen:57
Len: 37
** END OF DUMP
00 00 00 00 45 00 00 39 3D 6E 00 00 33 11 A8 95  ....E..9=n..3...
0C 52 85 8E D8 9D 37 33 04 01 00 35 00 25 8A 35  .R....73...5.%.5 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
02/18-23:51:04.006427 12.82.133.142:1029 -> 216.157.55.51:53
UDP TTL:64 TOS:0x0 ID:15745 IpLen:20 DgmLen:57
Len: 37
64 EF 00 00 00 01 00 00 00 00 00 00 03 77 77 77  d............www
03 65 74 6D 03 6F 72 67 00 00 01 00 01           .etm.org..... 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
02/18-23:51:08.055168 216.157.55.51 -> 12.82.133.142
ICMP TTL:242 TOS:0x0 ID:49059 IpLen:20 DgmLen:56
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
12.82.133.142:1029 -> 216.157.55.51:53
UDP TTL:51 TOS:0x0 ID:15745 IpLen:20 DgmLen:57
Len: 37
** END OF DUMP
00 00 00 00 45 00 00 39 3D 81 00 00 33 11 A8 82  ....E..9=...3...
0C 52 85 8E D8 9D 37 33 04 01 00 35 00 25 8A 35  .R....73...5.%.5 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
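
The check reasoned through above (an ICMP unreachable is only legitimate if we sent the datagram it quotes) can be done mechanically. This is an added example, not part of the original notes: it decodes the quoted datagram from the ICMP payload bytes snort printed and looks for the matching outbound packet. The function names and the SENT list layout are assumptions; the byte strings and packet details are transcribed from this page, including the code 13 error shown at the end of it.

```python
import socket
import struct

# ICMP payloads as printed by snort on this page (4 unused ICMP bytes, then the
# quoted IP header and the first 8 bytes of the offending datagram).
QUOTE_1 = ("00 00 00 00 45 00 00 39 3D 6E 00 00 33 11 A8 95 "
           "0C 52 85 8E D8 9D 37 33 04 01 00 35 00 25 8A 35")
QUOTE_2 = ("00 00 00 00 45 00 00 39 3D 81 00 00 33 11 A8 82 "
           "0C 52 85 8E D8 9D 37 33 04 01 00 35 00 25 8A 35")
QUOTE_3 = ("00 00 00 00 45 00 00 47 3F 41 00 00 30 11 22 89 "
           "0C 52 85 8E 80 FA 16 02 04 01 00 35 00 33 EC 41")

# Outbound datagrams snort logged to 216.157.55.51, transcribed from the page.
SENT = [
    {"time": "23:50:56.471427", "src": "12.82.133.142", "dst": "216.157.55.51",
     "proto": 17, "ip_id": 15726, "ttl": 64},
    {"time": "23:51:04.006427", "src": "12.82.133.142", "dst": "216.157.55.51",
     "proto": 17, "ip_id": 15745, "ttl": 64},
]


def parse_quote(hexdump):
    """Decode the datagram quoted inside an ICMP error message."""
    ip = bytes.fromhex(hexdump)[4:]          # drop the ICMP "unused" word
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("quote does not start with an IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                 # header length in bytes
    total_len, ip_id = struct.unpack("!HH", ip[2:6])
    quote = {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "proto": ip[9], "ip_id": ip_id, "ttl": ip[8], "total_len": total_len,
    }
    # TCP and UDP both start with source and destination port.
    if quote["proto"] in (6, 17) and len(ip) >= ihl + 4:
        quote["sport"], quote["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return quote


def correlate(quote, sent):
    """Return the logged outbound datagram this ICMP error answers, or None."""
    key = ("src", "dst", "proto", "ip_id")
    for pkt in sent:
        if all(pkt[k] == quote[k] for k in key):
            # TTL lost between sending and quoting = routers crossed before
            # the error was generated.
            return {"sent_at": pkt["time"], "hops": pkt["ttl"] - quote["ttl"],
                    "dport": quote.get("dport")}
    return None


if __name__ == "__main__":
    for name, dump in (("1", QUOTE_1), ("2", QUOTE_2), ("3", QUOTE_3)):
        q = parse_quote(dump)
        print(name, q["dst"], q["ip_id"], correlate(q, SENT) or "no outbound record")
```

The match key leaves ports out on purpose: the quoted bytes of the first two errors decode to source port 1025, while snort's summary lines on this page print 1029, yet the IP ID, addresses and lengths all agree.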

OK: who is this?

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

Request: 216.157.55.51
connecting to whois.arin.net [63.146.182.182:43] ...

Web2010 Inc (NETBLK-WEB2010-BLK-1)
   20 Park Ave Suite B
   Apopka, 32703
   US    
Netname: WEB2010-BLK-1
   Netblock: 216.157.0.0 - 216.157.111.255
   Maintainer: WEB    
Coordinator:
      coordinator, arin  (ZZ1355-ARIN)  arin-swip@maxim.net
      800-640-4629    
Domain System inverse mapping provided by: 
   NS.WEB2010.COM    209.235.31.149
   NS2.WEB2010.COM    209.196.60.253

hmm.. Means nothing to me..

What's host tell us?

[toot@sparky /storage/snort/old_snorts/021802]# host 216.157.55.51

51.55.157.216.in-addr.arpa. domain name pointer ns2.hostcentric.net.

And what about dig for www.etm.org?

[toot@sparky /storage/snort/old_snorts/021802]# dig @greatwall www.etm.org  

; <<>> DiG 9.1.0 <<>> @greatwall www.etm.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31497
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.etm.org.			IN	A

;; ANSWER SECTION:
www.etm.org.		22538	IN	A	66.40.80.111

;; AUTHORITY SECTION:
etm.org.		108764	IN	NS	NS2.HOSTCENTRIC.NET.
etm.org.		108764	IN	NS	NS1.HOSTCENTRIC.NET.

;; ADDITIONAL SECTION:
NS2.HOSTCENTRIC.NET.	108766	IN	A	216.157.55.51
NS1.HOSTCENTRIC.NET.	108766	IN	A	216.157.47.47

;; Query time: 50 msec
;; SERVER: 192.168.1.2#53(greatwall)
;; WHEN: Tue Feb 19 17:35:28 2002
;; MSG SIZE  rcvd: 135

So nothing funky there: we were asking for DNS information about www.etm.org, apparently from a nameserver that was not responding at the moment...

heh.. I remember what that was.. long story.


OK: what about this, two seconds later?

Icmp type 1 - a ping.

I don't like pings, as a rule. And look at the length ( L=1500 )...

1500 bytes? Not unheard of, but...

Let's see who this guy is.

Feb 18 23:53:51 greatwall snort: [1:0:0] ICMP echo request {ICMP} 194.42.0.134 ->
+12.82.133.142

Feb 18 23:53:51 greatwall kernel: Packet log: input DENY ppp0 PROTO=1 194.42.0.134:8
+12.82.133.142:0 L=1500 S=0x00 I=29294 F=0x4000 T=238 (#59)

Feb 18 23:53:58 greatwall kernel: Packet log: input DENY ppp0 PROTO=1 194.42.0.134:8
+12.82.133.142:0 L=1500 S=0x00 I=29406 F=0x4000 T=238 (#59)
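
A triage pass over these firewall lines, as an added example that is not part of the original notes. It assumes the ipchains "Packet log" layout shown above, where PROTO=1 is the IP protocol number for ICMP, the two "port" fields carry the ICMP type and code, and F=0x4000 is the Don't Fragment bit. The function names and the 128-byte threshold are assumptions; the log lines are copied from this page.

```python
import re

# Firewall log lines copied from this page; "+" marks a wrapped continuation.
SAMPLE = """\
Feb 18 23:51:00 greatwall kernel: Packet log: input ACCEPT ppp0 PROTO=1 216.157.55.51:3
+12.82.133.142:3 L=56 S=0x00 I=48558 F=0x0000 T=242 (#54)
Feb 18 23:53:51 greatwall kernel: Packet log: input DENY ppp0 PROTO=1 194.42.0.134:8
+12.82.133.142:0 L=1500 S=0x00 I=29294 F=0x4000 T=238 (#59)
Feb 18 23:53:58 greatwall kernel: Packet log: input DENY ppp0 PROTO=1 194.42.0.134:8
+12.82.133.142:0 L=1500 S=0x00 I=29406 F=0x4000 T=238 (#59)
Feb 18 23:54:56 greatwall kernel: Packet log: input ACCEPT ppp0 PROTO=1 128.250.29.2:3
+12.82.133.142:13 L=56 S=0x00 I=38933 F=0x0000 T=238 (#57)
"""

LINE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ kernel: Packet log: (?P<chain>\S+) "
    r"(?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sp>\d+)\s+(?P<dst>[\d.]+):(?P<dp>\d+)\s+"
    r"L=(?P<len>\d+) S=0x[0-9A-Fa-f]+ I=(?P<id>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)")

ICMP_NAMES = {(3, 3): "port unreachable", (3, 13): "administratively filtered",
              (8, 0): "echo request"}


def parse_log(text):
    """Rejoin wrapped records, then decode each Packet log line."""
    joined = []
    for line in text.splitlines():
        if line.startswith("+") and joined:
            joined[-1] += " " + line[1:].strip()
        elif line.strip():
            joined.append(line.strip())
    records = []
    for line in joined:
        m = LINE.search(line)
        if not m:
            continue                      # not a Packet log record
        r = {"ts": m["ts"], "target": m["target"], "src": m["src"],
             "dst": m["dst"], "proto": int(m["proto"]), "len": int(m["len"]),
             "ttl": int(m["ttl"]), "df": bool(int(m["frag"], 16) & 0x4000)}
        if r["proto"] == 1:               # ICMP: "ports" are really type and code
            r["icmp_type"], r["icmp_code"] = int(m["sp"]), int(m["dp"])
            r["icmp_name"] = ICMP_NAMES.get(
                (r["icmp_type"], r["icmp_code"]), "other")
        records.append(r)
    return records


def large_echo_requests(records, max_len=128):
    """Echo requests longer than max_len bytes (the threshold is an assumption)."""
    return [r for r in records
            if r.get("icmp_type") == 8 and r["len"] > max_len]


if __name__ == "__main__":
    for r in large_echo_requests(parse_log(SAMPLE)):
        print(r["ts"], r["src"], r["icmp_name"], r["len"], "bytes",
              "DF" if r["df"] else "", r["target"])
```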

What did snort see, to or from 194.42.0.134?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/18-23:53:50.628308 12.82.133.142:1025 -> 194.42.0.134:53
UDP TTL:64 TOS:0x0 ID:15851 IpLen:20 DgmLen:64
Len: 44
E3 D0 00 00 00 01 00 00 00 00 00 00 03 4E 53 32  .............NS2
07 43 59 54 41 4E 45 54 03 43 4F 4D 02 43 59 00  .CYTANET.COM.CY.
00 01 00 01                                      ....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/18-23:53:51.071675 194.42.0.134:53 -> 12.82.133.142:1025
UDP TTL:13 TOS:0x0 ID:29293 IpLen:20 DgmLen:144
Len: 124
E3 D0 80 80 00 01 00 01 00 02 00 02 03 4E 53 32  .............NS2
07 43 59 54 41 4E 45 54 03 43 4F 4D 02 43 59 00  .CYTANET.COM.CY.
00 01 00 01 C0 0C 00 01 00 01 00 01 51 80 00 04  ............Q...
C3 0E 82 DC C0 10 00 02 00 01 00 01 51 80 00 06  ............Q...
03 6E 73 31 C0 10 C0 10 00 02 00 01 00 01 51 80  .ns1..........Q.
00 02 C0 0C C0 40 00 01 00 01 00 01 51 80 00 04  .....@......Q...
C3 0E 85 AA C0 0C 00 01 00 01 00 01 51 80 00 04  ............Q...
C3 0E 82 DC                                      ....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/18-23:53:51.331691 194.42.0.134 -> 12.82.133.142
ICMP TTL:238 TOS:0x0 ID:29294 IpLen:20 DgmLen:1500 DF
Type:8  Code:0  ID:0   Seq:0  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/18-23:53:58.182397 194.42.0.134 -> 12.82.133.142
ICMP TTL:238 TOS:0x0 ID:29406 IpLen:20 DgmLen:1500 DF
Type:8  Code:0  ID:0   Seq:512  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Snort processed 4 packets.
Breakdown by protocol:                Action Stats:

    TCP: 0          (0.000%)          ALERTS: 0         
    UDP: 2          (50.000%)         LOGGED: 0         
   ICMP: 2          (50.000%)         PASSED: 0         
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html 

inetnum:      194.42.0.128 - 194.42.0.191
netname:      UOFCYPRUSNET
descr:        University of Cyprus
descr:        75 Kallipoleos str
descr:        1678, Nicosia
descr:        Cyprus
country:      CY
source:       RIPE 

route:        194.42.0.0/19
descr:        CYNET
descr:        University of Cyprus Academic and Research network
origin:       AS3268
remarks:      Multihomed AS talking to AS5408 and AS6866
source:       RIPE 

person:       Agathoclis Stylianou
address:      University of Cyprus
address:      75 Kallipoleos str
address:      2100, Nicosia
address:      Cyprus
phone:        +357 2 892131
fax-no:       +357 2 756082
e-mail:       agatho@ucy.ac.cy
nic-hdl:      AS183
source:       RIPE 

person:       Yiannos Pitas
address:      University Of Cyprus
address:      75 Kallipoleos Str.
address:      2100, Nicosia
address:      Cyprus
phone:        +357-2-892136
fax-no:       +357-2-756082
e-mail:       yiannos@ucy.ac.cy
nic-hdl:      YP70
source:       RIPE

The University of Cyprus? Pinging me? I think not..

What's the host name?



Feb 18 23:54:56 greatwall kernel: Packet log: input ACCEPT ppp0 PROTO=1 128.250.29.2:3
+12.82.133.142:13 L=56 S=0x00 I=38933 F=0x0000 T=238 (#57)


02/18-23:54:56.208360 128.250.29.2 -> 12.82.133.142
ICMP TTL:238 TOS:0x0 ID:38933 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
12.82.133.142:1025 -> 128.250.22.2:53
UDP TTL:48 TOS:0x0 ID:16193 IpLen:20 DgmLen:71
Len: 51
** END OF DUMP
00 00 00 00 45 00 00 47 3F 41 00 00 30 11 22 89  ....E..G?A..0.".
0C 52 85 8E 80 FA 16 02 04 01 00 35 00 33 EC 41  .R.........5.3.A

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


jsage@finchhaven.com
Last modified: Tue Feb 19 18:35:11 2002