Anyone have a clue what this might be?

Warren Togami warren at togami.com
Sat Jul 7 15:23:21 PDT 2001 

Might it be possible that RoadRunner is scanning with some technique
designed to detect NAT, specifically on those Linksys and Netgear Cable/DSL
routers?  Those routers use 192.168.1.0/24 by default, and 192.168.1.2 would
be the first internal client machine.

While NAT doesn't seem to be against their policies, they charge money for
every NAT client for business RoadRunner.  Perhaps they're scanning as a
precursor to institute a new policy against NAT?

----- Original Message -----
From: "Dusty" <dusty at sandust.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Saturday, July 07, 2001 11:54 AM
Subject: [luau] Anyone have a clue what this might be?


> I have a lot of wierd entries in my FW log.  I haven't looked at it in
days and this is what I find. ANyone have an idea what these are?  I search
the web and can't really find anything except ICMP 11/0 is time to live
exceded.
>
> -------------------START LOG--------------------------
> Jul 7 10:35:50 manapua ipmon[13718]: 10:35:49.952009 le0 @0:11 b
24.25.225.71 -> 66.8.228.32 PR icmp len 20 56 icmp 11/0 for 66.8.228.32 -
192.168.1.2 PR icmp len 20 84 icmp 8/0 IN
> Jul 7 10:35:22 manapua ipmon[13718]: 10:35:21.629453 le0 @0:11 b
24.25.225.70 -> 66.8.228.32 PR icmp len 20 56 icmp 3/1 for 66.8.228.32 -
192.168.1.254 PR icmp len 20 84 icmp 8/0 IN
> ---------------------END LOG--------------------------
>
> most of the entries are from 24.25.225.71 (an RR Server with telnet
running) and every now and then one from 24.25.225.70 (again an RR server
with telnet). My systems IP is 66.8.228.32.  I have no system with a
192.168.1.0/24 address.  There are also several with 192.168.0.0/24
addresses and I don't have any of those either.  I have several thousand of
these entries.  I have checked my system and can't find anything to lead me
to think it has been compromised.  Do you have any clue what this is.
>
> thanks,
> Dusty
>
> PS - flex is still down so I am not getting luau mail.  If you have
anything important about this please send it to dusty at firstworld.net
>
> So I asked my accountant, do I get an agriculture
> exemption for my server farm?
>

More information about the LUAU mailing list