[Dshield] Should I be concerned about this?

Erick Brockway erick.brockway at verizon.net
Wed Jun 26 04:03:11 GMT 2002


    I know it's all pretty confusing sorting out actual attacks from internet noise. There IS a lot of it.
    Try this:
http://www.robertgraham.com/pubs/firewall-seen.html
    Gives an excellent reference for the more common stuff.

Erick
  ----- Original Message ----- 
  From: Mercy 
  To: DS mailing list 
  Sent: Tuesday, June 25, 2002 5:34 PM
  Subject: [Dshield] Should I be concerned about this?


  Zone alarm picked this up, and I've never seen this before, so I'm not sure what it is.

  This is what the little Zone alarm window says about it:

  "The firewall has blocked routed traffic from 68.71.167.143 to 222.174.130.106 (IP Protocol 117).

  Time: 6/25/02 8:24:42 PM"

  And, this is what the Zone Alarm page says about it, but I'm still confused:

  "ZoneAlarm blocked an incoming data packet that was addressed to port 0 on another
  computer. The packet was either mistakenly or intentionally routed through your
  computer. The data packet was sent from port 0 on a computer whose IP address is
  68.71.167.143.

  This alert generally occurs either as a result of random routing problems on the Internet or
  a configuration issue on a local network. If you are in a networked environment using NAT
  or ICS, make sure you are using ZoneAlarm Pro on the gateway. ZoneAlarm does not
  support NAT or ICS for gateways but can be used on the other networked machines."

  When I do a whois on this IP... this is what I get:

  68.71.167.143 has no reverse DNS configured.



       whois -h magic 68.71.167.143

       Trying whois -h whois.arin.net 68.71.167.143

       Adelphia Cable Communications (NETBLK-ADELPHIA-CABLE-4)
          Main at Water Street 
          Coudersport, PA 16915 
          US

          Netname: ADELPHIA-CABLE-4
          Netblock: 68.64.0.0 - 68.71.255.255
          Maintainer: ADEL

          Coordinator:
             Hostmaster, Adelphia  (AH102-ARIN)  ipadmin at adelphia.net
             814.274.0638 (FAX) 814.274.8457

          Domain System inverse mapping provided by:

          NS1.ADELPHIA.NET 64.8.29.73
          NS2.ADELPHIA.NET 64.8.29.105
          NS3.ADELPHIA.NET 64.8.1.246

          ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

          Record last updated on 10-Apr-2002.
          Database last updated on  24-Jun-2002 20:00:57 EDT.

       The ARIN Registration Services Host contains ONLY Internet
       Network Information: Networks, ASN's, and related POC's.
       Please use the whois server at rs.internic.net for DOMAIN related
       Information and whois.nic.mil for NIPRNET Information.



       traceroute 68.71.167.143

                                                  

        3    206.117.161.1    8.015 ms   DNS error [AS226] Los Nettos origin AS



  Sorry, but this is all new to me.  Please remember I'm trying to learn, and make sense of this all.

  Thanks in advance,

  Mercy
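
An added example, not part of the original thread: a small triage of the ZoneAlarm alert quoted above, checking whether the packet was addressed to this host and whether its IP protocol carries ports at all. The local address 192.0.2.10 and the function name `triage` are assumptions for illustration, and reading "port 0" as a placeholder is an inference from the protocol number, not something ZoneAlarm documents on this page.

```python
import ipaddress
import re

# IP protocols whose headers carry port numbers (IANA protocol numbers).
PORT_PROTOCOLS = {6: "TCP", 17: "UDP", 33: "DCCP", 132: "SCTP", 136: "UDPLite"}

# Matches the wording of the alert quoted in the post.
ALERT_RE = re.compile(
    r"blocked routed traffic from (?P<src>\d+(?:\.\d+){3}) "
    r"to (?P<dst>\d+(?:\.\d+){3}) \(IP Protocol (?P<proto>\d+)\)"
)

# Alert text from the post; LOCAL_ADDRS is a constructed stand-in for this host.
SAMPLE_ALERT = ("The firewall has blocked routed traffic from 68.71.167.143 "
                "to 222.174.130.106 (IP Protocol 117).")
LOCAL_ADDRS = ["192.0.2.10"]


def triage(alert, local_addrs):
    """Parse one alert and return the facts worth checking first."""
    m = ALERT_RE.search(alert)
    if m is None:
        raise ValueError("not a routed-traffic alert")
    src = ipaddress.ip_address(m["src"])  # ValueError on malformed octets
    dst = ipaddress.ip_address(m["dst"])
    proto = int(m["proto"])
    local = {ipaddress.ip_address(a) for a in local_addrs}

    routed = dst not in local          # packet was not addressed to this host
    has_ports = proto in PORT_PROTOCOLS
    notes = []
    if routed:
        notes.append(f"{dst} is not a local address: the packet only passed "
                     "through this host, it was not aimed at it")
    if not has_ports:
        notes.append(f"IP protocol {proto} is not TCP or UDP and has no port "
                     "field, so 'port 0' is most likely a placeholder")
    return {"src": str(src), "dst": str(dst), "proto": proto,
            "transport": PORT_PROTOCOLS.get(proto),
            "routed": routed, "has_ports": has_ports, "notes": notes}


if __name__ == "__main__":
    for note in triage(SAMPLE_ALERT, LOCAL_ADDRS)["notes"]:
        print(note)
```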