Snoopers?

Started by globby, Sep 26, 2006, 07:52:03

globby

I'm getting hammered numerous times from DoD Network Information Center, why? Anyone else had this?

(DOD stands for US Department of Defense).


Description      Packet sent from * (UDP Port 4936) to * (UDP Port 1026) was blocked
Rating           Medium
Date / Time      2006/09/26 07:41:42+1:00 GMT
Type             Firewall
Protocol         UDP
Program         
Source IP        *
Destination IP   *
Direction        Incoming
Action Taken     Blocked
Count            1
Source DNS       host48-174.circular.de
Destination DNS  MICROHARD


Whois Information 


   
OrgName:    DoD Network Information Center
OrgID:      DNIC
Address:    3990 E. Broad Street
City:       Columbus
StateProv:  OH
PostalCode: 43218
Country:    US

NetRange:   215.0.0.0 - 215.255.255.255
CIDR:       215.0.0.0/8
NetName:    DDN-NIC16
NetHandle:  NET-215-0-0-0-1
Parent:     
NetType:    Direct Allocation
NameServer: CON1R.NIPR.MIL
NameServer: CON2R.NIPR.MIL
NameServer: EUR1R.NIPR.MIL
NameServer: EUR2R.NIPR.MIL
NameServer: PAC1R.NIPR.MIL
NameServer: PAC2R.NIPR.MIL
Comment:   
RegDate:    1998-06-05
Updated:    2006-04-11

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD
OrgTechPhone:  +1-800-365-3642
OrgTechEmail:  HOSTMASTER@nic.mil

# ARIN WHOIS database, last updated 2006-09-25 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database


P.S.

I am not a terrorist unless using P2P makes you one

Edit: Removed IP address ;)

Scott

A few options spring to mind, Globby:

One of their machines has been co-opted into doing naughties for some bot-net (unlikely but not impossible!).
Someone IS doing naughties but is spoofing their IP address to come from within the DoD subnet.

Anything else?
Member of the IDNet Mafia
How to Spot and Deal with Trolls

Jeff

Maybe Donald Rumsfeld uses Shareaza? ;)

Scott

Quote from: Jeff on Sep 26, 2006, 23:27:41
Maybe Donald Rumsfeld uses Shareaza? ;)

LoL..."find @rse with a map" springs to mind, never mind getting a seed sorted out ;)

globby

These are trying pretty hard as well:

Description      Packet sent from * (TCP Port 32841) to * (TCP Port 12566) was blocked
Rating           Medium
Date / Time      2006/09/28 20:21:36+1:00 GMT
Type             Firewall
Protocol         TCP (flags:S)
Program         
Source IP        *
Destination IP   *
Direction        Incoming
Action Taken     Blocked
Count            1
Source DNS       
Destination DNS  MICROHARD


OrgName:    Performance Systems International Inc.
OrgID:      PSI
Address:    1015 31st St NW
City:       Washington
StateProv:  DC
PostalCode: 20007
Country:    US

NetRange:   130.117.0.0 - 130.117.255.255
CIDR:       130.117.0.0/16
NetName:    COGENT-EUROPEAN-OPERATIONS-001
NetHandle:  NET-130-117-0-0-1
Parent:     NET-130-0-0-0-0
NetType:    Direct Assignment
NameServer: AUTH1.DNS.COGENTCO.COM
NameServer: AUTH2.DNS.COGENTCO.COM
NameServer: AUTH4.DNS.COGENTCO.COM
NameServer: AUTH5.DNS.COGENTCO.COM
Comment:   
Comment:    ********************************************
Comment:    Reassignment information for this block is
Comment:    available at rwhois.cogentco.com port 4321
Comment:    ********************************************
RegDate:   
Updated:    2004-12-28

RTechHandle: PSI-NISC-ARIN
RTechName:   IP Allocation
RTechPhone:  +1-877-875-4311
RTechEmail:  ipalloc@cogentco.com

OrgAbuseHandle: COGEN-ARIN
OrgAbuseName:   Cogent Abuse
OrgAbusePhone:  +1-877-875-4311
OrgAbuseEmail:  abuse@cogentco.com

OrgNOCHandle: ZC108-ARIN
OrgNOCName:   Cogent Communications
OrgNOCPhone:  +1-877-875-4311
OrgNOCEmail:  noc@cogentco.com

OrgTechHandle: IPALL-ARIN
OrgTechName:   IP Allocation
OrgTechPhone:  +1-877-875-4311
OrgTechEmail:  ipalloc@cogentco.com

# ARIN WHOIS database, last updated 2006-09-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database



I've taken out the IP addresses this time.
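
The two possibilities raised earlier in the thread (a co-opted machine or a spoofed source) cannot be separated from alerts like these alone. As an added example, not code from the thread or from the firewall vendor, the following parses entries in the layout posted above and flags those whose source address was never confirmed by return traffic: a lone UDP datagram or a blocked TCP SYN. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the thread's two alerts, trimmed to the fields used
# here, with addresses masked by "*" as in the posts.
SAMPLE = """\
Description      Packet sent from * (UDP Port 4936) to * (UDP Port 1026) was blocked
Protocol         UDP
Direction        Incoming
Action Taken     Blocked
Source DNS       host48-174.circular.de

Description      Packet sent from * (TCP Port 32841) to * (TCP Port 12566) was blocked
Protocol         TCP (flags:S)
Direction        Incoming
Action Taken     Blocked
Source DNS
"""

PORTS = re.compile(r"\(\w+ Port (\d+)\) to \S+ \(\w+ Port (\d+)\)")

def parse_alerts(text):
    """Split on blank lines; each block becomes a {field: value} dict."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Field name and value are separated by a run of 2+ spaces;
            # a field with no value (Program, Source DNS) maps to "".
            parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
            fields[parts[0]] = parts[1] if len(parts) > 1 else ""
        alerts.append(fields)
    return alerts

def triage(alert):
    """Summarise one alert and flag a source address that was never confirmed."""
    proto, _, flags = alert["Protocol"].partition(" ")
    src_port, dst_port = map(int, PORTS.search(alert["Description"]).groups())
    blocked = alert.get("Action Taken") == "Blocked"
    # UDP needs no handshake, and a blocked SYN never got the SYN/ACK reply
    # that would have to reach the claimed sender, so in both cases the
    # source IP in the log may be forged.
    first_packet = proto == "UDP" or flags == "(flags:S)"
    return {"proto": proto, "src_port": src_port, "dst_port": dst_port,
            "rdns": alert.get("Source DNS") or None,
            "source_unverified": blocked and first_packet}

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE):
        print(triage(a))
```

Both sample alerts come back with `source_unverified` set, so the whois owner of the logged address says who holds the block, not who sent the packet.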