What the...

Discussion in 'Networks' started by zebulebu, Oct 30, 2006.

  1. zebulebu

    zebulebu Terabyte Poster

    I was just looking at my firewall logs in real-time (nerd alert!) when I noticed some traceroutes (Inbound UDP port 33435-33437) to the WAN IP of my router. Nothing particularly odd about that, but I noticed quite a few of them from the same IP, so did a quick lookup of the IP (

    They seem to be originating from the Toronto Star's online site - I looked up a hockey story there earlier on. Why on Earth would the Toronto Star be tracerouting me?

    It's stuff like this that makes me paranoid - and is the main reason I hardly ever look at my logs in real time :ohmy
    Certifications: A few
    WIP: None - f*** 'em
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Why indeed? Could this not be some kind of automated process like a spambot? Maybe they are trying to establish the location of their fans for statistical purposes?
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. zebulebu

    zebulebu Terabyte Poster

    That's the only legit reason I can think of - geographic profiling. Still, if this were the case, why make more than one traceroute? I haven't seen any in the last ten minutes, but in the 30 minutes previous there were no less than twelve separate traceroutes performed from that one IP, spread over a 30 minute period.

    Paranoid? Moi?
    Certifications: A few
    WIP: None - f*** 'em
  4. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    My firewall log shows about 30 entries an hour that say "blocked by DDoS protection" (it's built into my router so doesn't go into any more information than that). When I first noticed them I started checking out the IP addresses. Most of them belong to my ISP, so I assume they're infected customers of theirs, but one or two have belonged to various companies in the US. For all I know, they're spoofed IP addresses, so I didn't bother taking it further. I couldn't get any joy with the ones from my ISP because they wanted more detailed information than what my firewall provided.

    I think, Zeb, you just need to rest assured that your firewall is working. :D
    Certifications: A+, Network+
    WIP: 70-270

