
Re: Tracking down IP's



On Sun, 31 Dec 2000 13:34:02 -0600, ktb said:

> On Sun, Dec 31, 2000 at 12:16:59PM -0700, JD Kitch wrote:
>  > Can anyone tell me what this person is looking for here, and how I
>  > can find out where this is coming from?
>  > 
>  > Security Violations
>  > =-=-=-=-=-=-=-=-=-=
>  > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
>  > Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)
>  > Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x0000 T=127 (#43)
>  > Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x0000 T=127 (#43)
>  > Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x0000 T=127 (#43)
>  > Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x0000 T=127 (#43)
>  > 
>  > I've been unable to track it down.  I've had pages and pages of this
>  > every hour since early yesterday, always coming from the same IP, to
>  > the same port.
>  	
run $ whois 172.16.72.113
IANA (IANA-BBLK-RESERVED)
   Internet Assigned Numbers Authority
   Information Sciences Institute
   University of Southern California
   4676 Admiralty Way, Suite 330
   Marina del Rey, CA 90292-6695

run $ cat  /etc/services|more
snmp		161/udp 			# Simple Net Mgmt Proto

	Probably harmless.
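
As an added example (not part of the original messages): a small Python parser for the ipchains "Packet log:" lines quoted above, reporting the logging chain, the protocol, the destination service, and whether the destination lies in RFC 1918 private space, as 172.16.72.113 does. The sample lines are constructed, 192.0.2.10 and 198.51.100.7 are placeholder addresses, and the service table is a hand-picked subset of /etc/services.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the ipchains "Packet log:" format quoted in the thread.
# 192.0.2.10 / 198.51.100.7 are documentation-range placeholders, not from the post.
SAMPLE = """\
Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43)
Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x0000 T=127 (#43)
Dec 31 11:07:02 tower kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:23 L=60 S=0x00 I=911 F=0x4000 T=52 (#12)
"""

# chain = ipchains chain that logged the packet (input, output or forward).
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r".*?T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}
SERVICES = {("udp", 161): "snmp", ("tcp", 23): "telnet"}  # assumed subset
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Return a dict of fields for one 'Packet log:' line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTOS.get(rec["proto"], str(rec["proto"]))
    rec["service"] = SERVICES.get((rec["proto_name"], rec["dport"]), "unknown")
    try:
        dst = ipaddress.ip_address(rec["dst"])
        rec["dst_private"] = any(dst in net for net in RFC1918)
    except ValueError:  # address masked in the log, e.g. xx.xx.xxx.xx
        rec["dst_private"] = None
    return rec

def summarize(text):
    """Count log lines per (chain, action, dst, proto, dport, service, private)."""
    counts = Counter()
    for rec in filter(None, map(parse, text.splitlines())):
        counts[(rec["chain"], rec["action"], rec["dst"], rec["proto_name"],
                rec["dport"], rec["service"], rec["dst_private"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```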


