What the...

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I was just looking at my firewall logs in real-time (nerd alert!) when i noticed some traceroutes (Inbound UDP port 33435-33437) to the WAN IP of my router. Nothing particularly odd about that, but I noticed quite a few of them from the same IP, so did a quick lookup of the IP (192.206.151.250)

They seem to be originating from the Toronto Star's online site - I looked up a hockey story there earlier on. Why on Earth would the Toronto Star be tracerouting me?

its stuff like this that makes me paranoid - and is the main reason I hardly ever look at my logs in real time

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Why indeed? Could this not be some kind of automated process like a spambot. Maybe they are trying to establish the location of their fans for statistical purposes?

 

Thats the only legit reason i can think of - geographic profiling. Still, if this were the case, why make more than one traceroute? I haven't seen any in the last ten minutes, but in the 30 minutes previous there were no less than twelve separate traceroutes performed from that one IP, spread over a 30 minute period.

Paranoid? Moi?

 

My firewall log shows about 30 entries an hour that say "blocked by DDoS protection" (it's built into my router so doesn't go into any more information than that) when I first noticed them I started checking out the IP addresses. Most of them belong to my ISP so I assume they're infected customers of theirs but one or two have belonged to various companies in the US but for all I know, they're spoofed IP addresses so didn't bother taking it further. I couldn't get any joy with the ones from my ISP because they wanted more detailed information than what my firewall provided.

I think Zeb, you just need to rest assured that your firewall is working.