I'm getting hammered numerous times from DoD Network Information Center, why? Anyone else had this?
(DOD stands for US Department of Defense).
Description Packet sent from * (UDP Port 4936) to * (UDP Port 1026) was blocked
Rating Medium
Date / Time 2006/09/26 07:41:42+1:00 GMT
Type Firewall
Protocol UDP
Program
Source IP *
Destination IP *
Direction Incoming
Action Taken Blocked
Count 1
Source DNS host48-174.circular.de
Destination DNS MICROHARD
Whois Information
OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
NetRange: 215.0.0.0 - 215.255.255.255
CIDR: 215.0.0.0/8
NetName: DDN-NIC16
NetHandle: NET-215-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: CON1R.NIPR.MIL
NameServer: CON2R.NIPR.MIL
NameServer: EUR1R.NIPR.MIL
NameServer: EUR2R.NIPR.MIL
NameServer: PAC1R.NIPR.MIL
NameServer: PAC2R.NIPR.MIL
Comment:
RegDate: 1998-06-05
Updated: 2006-04-11
OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: HOSTMASTER@nic.mil
# ARIN WHOIS database, last updated 2006-09-25 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
P.S. I am not a terrorist unless using P2P makes you one
Edit: Removed IP address ;)
A few options spring to mind, Globby:
One of their machines has been co-opted into doing naughties for some bot-net (unlikely but not impossible!)
Someone IS doing naughties but is spoofing their IP address to come from within the DoD subnet.
Anything else?
Maybe Donald Rumsfeld uses Shareaza? ;)
Quote from: Jeff on Sep 26, 2006, 23:27:41
Maybe Donald Rumsfeld uses Shareaza? ;)
LoL..."find @rse with a map" springs to mind, never mind getting a seed sorted out ;)
These are trying pretty hard as well:
Description Packet sent from * (TCP Port 32841) to * (TCP Port 12566) was blocked
Rating Medium
Date / Time 2006/09/28 20:21:36+1:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP *
Destination IP *
Direction Incoming
Action Taken Blocked
Count 1
Source DNS
Destination DNS MICROHARD
OrgName: Performance Systems International Inc.
OrgID: PSI
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 130.117.0.0 - 130.117.255.255
CIDR: 130.117.0.0/16
NetName: COGENT-EUROPEAN-OPERATIONS-001
NetHandle: NET-130-117-0-0-1
Parent: NET-130-0-0-0-0
NetType: Direct Assignment
NameServer: AUTH1.DNS.COGENTCO.COM
NameServer: AUTH2.DNS.COGENTCO.COM
NameServer: AUTH4.DNS.COGENTCO.COM
NameServer: AUTH5.DNS.COGENTCO.COM
Comment:
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.cogentco.com port 4321
Comment: ********************************************
RegDate:
Updated: 2004-12-28
RTechHandle: PSI-NISC-ARIN
RTechName: IP Allocation
RTechPhone: +1-877-875-4311
RTechEmail: ipalloc@cogentco.com
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: noc@cogentco.com
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail: ipalloc@cogentco.com
# ARIN WHOIS database, last updated 2006-09-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
I've taken out the IP addresses this time.