[Dshield] Should I be concerned about this?

E.B. Dreger eddy+public+spam at noc.everquick.net
Wed Jun 26 04:36:28 GMT 2002

M> Date: Tue, 25 Jun 2002 20:34:33 -0400
M> From: Mercy

(snipped throughout)

M> "The firewall has blocked routed traffic from to
M> (IP Protocol 117).

IP protocol 117 == interactive agent transfer protocol

I don't offhand know of anything using it.  Note that 222.... is
a class D multicast address.  Do you know if you're running any
multicast-aware software?

M> "ZoneAlarm blocked an incoming data packet that was addressed
M> to port 0 on another computer. The packet was either

Same warning?  I don't know that protocol 117 even has ports. :-)
But, then, I don't know anything about IP/117.

M> This alert generally occurs either as a result of random
M> routing problems on the Internet or a configuration issue on a

Random routing problems are rare.  There'd need to be some funky
ARP trouble to cause a "configuration issue", too.

Mercy, does your provider support multicast?  Have you any other
computers connected to the same network?  What software do you
have running?

M>      traceroute
M>       3    8.015 ms   DNS error [AS226] .....

BGP-aware traceroute.... mmmm....

Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.

More information about the list mailing list