[Dshield] Should I be concerned about this?

Mercy Mercymail at mindspring.com
Wed Jun 26 23:54:57 GMT 2002


Thanks a bunch, Erick :)

Mercy
  ----- Original Message ----- 
  From: Erick Brockway 
  To: list at dshield.org 
  Sent: Wednesday, June 26, 2002 12:03 AM
  Subject: Re: [Dshield] Should I be concerned about this?


      I know it's all pretty confusing sorting out actual attacks from internet noise. There IS a lot of it.
      Try this:
  http://www.robertgraham.com/pubs/firewall-seen.html
      Gives an excellent reference for the more common stuff.

  Erick
    ----- Original Message ----- 
    From: Mercy 
    To: DS mailing list 
    Sent: Tuesday, June 25, 2002 5:34 PM
    Subject: [Dshield] Should I be concerned about this?


    Zone alarm picked this up, and I've never seen this before, so I'm not sure what it is.

    This is what the little Zone alarm window says about it:

    "The firewall has blocked routed traffic from 68.71.167.143 to 222.174.130.106 (IP Protocol 117).

    Time: 6/25/02 8:24:42 PM"

    And, this is what the Zone Alarm page says about it, but I'm still confused:

    "ZoneAlarm blocked an incoming data packet that was addressed to port 0 on another
    computer. The packet was either mistakenly or intentionally routed through your
    computer. The data packet was sent from port 0 on a computer whose IP address is
    68.71.167.143.

    This alert generally occurs either as a result of random routing problems on the Internet or
    a configuration issue on a local network. If you are in a networked environment using NAT
    or ICS, make sure you are using ZoneAlarm Pro on the gateway. ZoneAlarm does not
    support NAT or ICS for gateways but can be used on the other networked machines."

    When I do a whois on this IP... this is what I get:

    68.71.167.143 has no reverse DNS configured.



         whois -h magic 68.71.167.143

         Trying whois -h whois.arin.net 68.71.167.143

         Adelphia Cable Communications (NETBLK-ADELPHIA-CABLE-4)
            Main at Water Street 
            Coudersport, PA 16915 
            US

            Netname: ADELPHIA-CABLE-4
            Netblock: 68.64.0.0 - 68.71.255.255
            Maintainer: ADEL

            Coordinator:
               Hostmaster, Adelphia  (AH102-ARIN)  ipadmin at adelphia.net
               814.274.0638 (FAX) 814.274.8457

            Domain System inverse mapping provided by:

            NS1.ADELPHIA.NET 64.8.29.73
            NS2.ADELPHIA.NET 64.8.29.105
            NS3.ADELPHIA.NET 64.8.1.246

            ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

            Record last updated on 10-Apr-2002.
            Database last updated on  24-Jun-2002 20:00:57 EDT.

         The ARIN Registration Services Host contains ONLY Internet
         Network Information: Networks, ASN's, and related POC's.
         Please use the whois server at rs.internic.net for DOMAIN related
         Information and whois.nic.mil for NIPRNET Information.






         traceroute 68.71.167.143

                                                    

          3    206.117.161.1    8.015 ms   DNS error [AS226] Los Nettos origin AS



    Sorry, but this is all new to me.  Please remember I'm trying to learn, and make sense of this all.

    Thanks in advance,

    Mercy