Snoopers?

[globby]

I'm getting hammered numerous times from DoD Network Information
Center, why? anyone else had this?

(DOD stands for US Department of Defense).


Description      Packet sent from * (UDP Port 4936) to * (UDP Port 1026) was blocked
Rating           Medium
Date / Time      2006/09/26 07:41:42+1:00 GMT
Type             Firewall
Protocol         UDP
Program         
Source IP        *
Destination IP   *
Direction        Incoming
Action Taken     Blocked
Count            1
Source DNS       host48-174.circular.de
Destination DNS  MICROHARD


Whois Information 


   
OrgName:    DoD Network Information Center
OrgID:      DNIC
Address:    3990 E. Broad Street
City:       Columbus
StateProv:  OH
PostalCode: 43218
Country:    US

NetRange:   215.0.0.0 - 215.255.255.255
CIDR:       215.0.0.0/8
NetName:    DDN-NIC16
NetHandle:  NET-215-0-0-0-1
Parent:     
NetType:    Direct Allocation
NameServer: CON1R.NIPR.MIL
NameServer: CON2R.NIPR.MIL
NameServer: EUR1R.NIPR.MIL
NameServer: EUR2R.NIPR.MIL
NameServer: PAC1R.NIPR.MIL
NameServer: PAC2R.NIPR.MIL
Comment:   
RegDate:    1998-06-05
Updated:    2006-04-11

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD
OrgTechPhone:  +1-800-365-3642
OrgTechEmail:  HOSTMASTER@nic.mil

# ARIN WHOIS database, last updated 2006-09-25 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database


p.s

I am not a terrorist unless using P2P makes you one

Edit: Removed IP address

[Scott]

A few options spring to mind Globby

One of their machines has been co-opted into doing naughties for some bot-net (unlikely but not impossible !)
Someone IS doing naughties but is spoofing their IP address to come from within the DoD subnet.

Anything else ?

[Jeff]

Maybe Donald Rumsfeld uses Shareaza?

[Scott]

Maybe Donald Rumsfeld uses Shareaza?

LoL..."find @rse with a map" springs to mind, nevermind getting a seed sorted out

[globby]

These are trying pretty hard as well:

Description      Packet sent from * (TCP Port 32841) to * (TCP Port 12566) was blocked
Rating           Medium
Date / Time      2006/09/28 20:21:36+1:00 GMT
Type             Firewall
Protocol         TCP (flags:S)
Program         
Source IP        *
Destination IP   *
Direction        Incoming
Action Taken     Blocked
Count            1
Source DNS       
Destination DNS  MICROHARD


OrgName:    Performance Systems International Inc.
OrgID:      PSI
Address:    1015 31st St NW
City:       Washington
StateProv:  DC
PostalCode: 20007
Country:    US

NetRange:   130.117.0.0 - 130.117.255.255
CIDR:       130.117.0.0/16
NetName:    COGENT-EUROPEAN-OPERATIONS-001
NetHandle:  NET-130-117-0-0-1
Parent:     NET-130-0-0-0-0
NetType:    Direct Assignment
NameServer: AUTH1.DNS.COGENTCO.COM
NameServer: AUTH2.DNS.COGENTCO.COM
NameServer: AUTH4.DNS.COGENTCO.COM
NameServer: AUTH5.DNS.COGENTCO.COM
Comment:   
Comment:    ********************************************
Comment:    Reassignment information for this block is
Comment:    available at rwhois.cogentco.com port 4321
Comment:    ********************************************
RegDate:   
Updated:    2004-12-28

RTechHandle: PSI-NISC-ARIN
RTechName:   IP Allocation
RTechPhone:  +1-877-875-4311
RTechEmail:  ipalloc@cogentco.com

OrgAbuseHandle: COGEN-ARIN
OrgAbuseName:   Cogent Abuse
OrgAbusePhone:  +1-877-875-4311
OrgAbuseEmail:  abuse@cogentco.com

OrgNOCHandle: ZC108-ARIN
OrgNOCName:   Cogent Communications
OrgNOCPhone:  +1-877-875-4311
OrgNOCEmail:  noc@cogentco.com

OrgTechHandle: IPALL-ARIN
OrgTechName:   IP Allocation
OrgTechPhone:  +1-877-875-4311
OrgTechEmail:  ipalloc@cogentco.com

# ARIN WHOIS database, last updated 2006-09-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database



I've took out the IP addresses this time.