Am I paranoid or are people trying to get me?
Steven W. Orr
steveo at syslang.net
Tue Jul 6 23:06:44 EDT 2010
I just had a minor outage over here with RCN at home on my server. After a
mere bag O shells that cost me an hour, they actually got me back up and
running. During the bring up, I noticed that my firewall in Linux was
registering that it was dropping ping packets. (I have my firewall set to drop
any more than three ICMP packets per minute.) But then I got curious to see
what was happening and found that I had (from April 28 to now) 47185
firewall events, but they all came from one macaddr. Also, this one macaddr
seems to be attributed to (so far) 2518 IP addresses.
I checked with RCN and they say it's not one of theirs. Every single event in
my firewall refers to this guy:
00:12:44:91:f0:01
Here's a sample:
Jul 6 22:34:08 saturn kernel: [FIAIF_DROP]:IN=eth0 OUT=
MAC=00:13:d4:d1:b7:7c:00:12:44:91:f0:01:08:00 SRC=221.192.199.46
DST=207.172.210.41 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 DF PROTO=TCP
SPT=12200 DPT=8085 WINDOW=8192 RES=0x00 SYN URGP=0
The first 6 bytes in the macaddr are me, the second 6 are from Boris Badinoff.
I can block that macaddr from my firewall, but I can't believe this is as
nefarious as it looks.
I have one other piece of information: I ran traceroutes on some of the src IP
addresses and some go back to avg.com here in good old Chelmsford MA. Not all,
but a lot of them. (I have been installing AVG on some people's machines, but
that's no reason to ping me, is it?) I can call them in the morning...
If anyone has any ideas, I'd be curious. I'm hoping I'm just misinterpreting
something.
--
Time flies like the wind. Fruit flies like a banana. Stranger things have .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor? Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
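
Added example, not part of the original post: the MAC= field in the sample is 14 bytes (destination MAC, sender MAC, then EtherType, where 08:00 is IPv4), and the sketch below splits it and counts distinct SRC addresses per sender MAC. A sender MAC shared by many off-link source IPs is how the last-hop router appears on Ethernet, so the result is something to compare with the default gateway's ARP entry. The log lines are abbreviated and constructed apart from the addresses quoted in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Abbreviated line in the post's netfilter LOG format; {smac}/{src} are filled in below.
LINE = ("Jul 6 22:34:08 saturn kernel: [FIAIF_DROP]:IN=eth0 OUT= "
        "MAC=00:13:d4:d1:b7:7c:{smac}:08:00 SRC={src} DST=207.172.210.41 "
        "LEN=40 TTL=105 PROTO=TCP SPT=12200 DPT=8085 SYN")
POST_MAC = "00:12:44:91:f0:01"           # sender MAC quoted in the post
SAMPLE_LOG = [                            # constructed, except the first SRC
    LINE.format(smac=POST_MAC, src="221.192.199.46"),
    LINE.format(smac=POST_MAC, src="198.51.100.7"),
    LINE.format(smac=POST_MAC, src="203.0.113.9"),
    LINE.format(smac=POST_MAC, src="203.0.113.9"),
    LINE.format(smac="02:00:00:00:00:01", src="192.0.2.5"),
    "Jul 6 22:35:00 saturn kernel: eth0: link up",    # no MAC= field
]

FIELD = re.compile(r"MAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2})\b.*?\bSRC=(\S+)", re.I)

def split_mac(field):
    """Split the 14-byte MAC= field into (dst_mac, src_mac, ethertype)."""
    b = field.lower().split(":")
    return ":".join(b[:6]), ":".join(b[6:12]), "".join(b[12:])

def summarize(lines):
    """Map each sender MAC to {'events': n, 'ips': set of SRC addresses}."""
    stats = defaultdict(lambda: {"events": 0, "ips": set()})
    for line in lines:
        m = FIELD.search(line)
        if not m:
            continue                      # not a LOG line with a link-layer header
        _, src_mac, _ = split_mac(m.group(1))
        stats[src_mac]["events"] += 1
        stats[src_mac]["ips"].add(m.group(2))
    return dict(stats)

def next_hop_candidates(stats, min_ips=3):
    """Sender MACs seen with many distinct SRC IPs, as a last-hop router would be."""
    return sorted(mac for mac, s in stats.items() if len(s["ips"]) >= min_ips)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for mac, s in stats.items():
        print(mac, s["events"], "events,", len(s["ips"]), "source IPs")
    print("compare with the gateway's ARP entry:", next_hop_candidates(stats))
```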