What the heck are these packets?

Penguini (n00b; joined Mar 17, 2004; 57 messages)

I have asked this before, and they have gone away. But now they are back.

This even happens in safe mode. I've checked for viruses and run spyware checks, but these things won't go away, and they are flooding my network.

random.jpg
 
those are MOST LIKELY ping packets, though they could be another part of the ICMP suite.

i would isolate the machine that is producing these. your firewall is configured to lock these going outbound, and a rule is catching them. you could have a bot installed on your computer to offer ping floods for a DoS attack on someone, or it could be a chatty program running on your PC which needs constant reassurance that it has a connection to whatevertheheck.

here is the result from some whois's

Code:
Search results for: 87.3.205.20 


OrgName:    RIPE Network Coordination Centre 
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:  
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   87.0.0.0 - 87.255.255.255 
CIDR:       87.0.0.0/8 
NetName:    87-RIPE
NetHandle:  NET-87-0-0-0-1
Parent:    
NetType:    Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    2004-04-01
Updated:    2004-04-06


Code:
Search results for: 82.35.222.192 


OrgName:    RIPE Network Coordination Centre 
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:  
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   82.0.0.0 - 82.255.255.255 
CIDR:       82.0.0.0/8 
NetName:    82-RIPE
NetHandle:  NET-82-0-0-0-1
Parent:    
NetType:    Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    2002-11-23
Updated:    2004-03-16


Code:
Search results for: 212.242.169.43 


OrgName:    RIPE Network Coordination Centre 
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:  
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   212.0.0.0 - 212.255.255.255 
CIDR:       212.0.0.0/8 
NetName:    RIPE-NCC-212
NetHandle:  NET-212-0-0-0-1
Parent:    
NetType:    Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    1997-11-14
Updated:    2005-08-03

Code:
Search results for: 193.170.224.75 


OrgName:    RIPE Network Coordination Centre 
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:  
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   193.0.0.0 - 193.255.255.255 
CIDR:       193.0.0.0/8 
NetName:    RIPE-CBLK
NetHandle:  NET-193-0-0-0-1
Parent:    
NetType:    Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    1992-08-12
Updated:    2005-08-03

noticing a pattern?
 
i read your post again...


and now i am finding it odd that destination unreachable packets are STARTING from your lan and heading back to the wan... this is opposite of what is normal, unless you have some sort of service and port forwarding to that internal address.

mind giving some more background on that machine?
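
Whether a logged ICMP packet is a ping or a destination-unreachable error is decided by its type and code fields, and an unreachable error quotes the header of the packet that provoked it, which shows what inbound traffic the LAN host was answering. The following is an added example, not part of the thread; the addresses and ports in the sample packet are constructed.

```python
import ipaddress
import struct

# ICMP types relevant to the thread: echo ("ping") vs. destination unreachable.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 13: "administratively prohibited"}
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_icmp(icmp: bytes) -> dict:
    """Classify an ICMP message; for type 3, decode the quoted original packet."""
    if len(icmp) < 8:
        raise ValueError("ICMP header truncated")
    mtype, code = icmp[0], icmp[1]
    info = {"type": ICMP_TYPES.get(mtype, f"type-{mtype}"), "code": code}
    if mtype != 3:
        return info
    info["reason"] = UNREACH_CODES.get(code, f"code-{code}")
    quoted = icmp[8:]  # RFC 792: original IP header + first 8 bytes of its payload
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return info  # quoted packet missing or not IPv4
    ihl = (quoted[0] & 0x0F) * 4
    proto = quoted[9]
    info["orig_src"] = str(ipaddress.IPv4Address(quoted[12:16]))
    info["orig_dst"] = str(ipaddress.IPv4Address(quoted[16:20]))
    info["orig_proto"] = PROTOS.get(proto, str(proto))
    if proto in (6, 17) and len(quoted) >= ihl + 4:
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
        info["orig_sport"], info["orig_dport"] = sport, dport
    return info

def sample_unreachable() -> bytes:
    # Constructed sample: a LAN host (192.168.1.10) rejecting an inbound UDP
    # packet from 198.51.100.7:40000 to its port 50000 (checksums left at 0).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("198.51.100.7").packed,
                     ipaddress.IPv4Address("192.168.1.10").packed)
    udp = struct.pack("!HHHH", 40000, 50000, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

def sample_echo_request() -> bytes:
    # Constructed sample: a plain ping (type 8, code 0) with a 4-byte payload.
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcd"

if __name__ == "__main__":
    print(parse_icmp(sample_echo_request()))
    print(parse_icmp(sample_unreachable()))
```

A port-unreachable error whose quoted destination is the LAN host means unsolicited traffic reached that host first, which matches the port-forwarding case raised in the post above.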
 