[ubuntu-uk] Should I be worried by these strange 'trace routes'?
J Fernyhough
j.fernyhough at gmail.com
Fri Mar 27 21:24:25 UTC 2015
On 27 March 2015 at 21:04, mac <ammonius.grammaticus at gmx.co.uk> wrote:
> Hi folks
>
> Apologies if this is off topic, but I could do with a bit of advice, and
> can't think where else to ask.
>
> I have a Draytek router with 'DoS Defences' set up in the firewall,
> including 'block trace_route'.
>
> A few weeks ago, I got email alerts from my router to say it was blocking
> trace routes coming from within a block of IP addresses owned by Internap
> Network Services in Georgia, USA. This happened a few days in a row. So I
> turned off my modem and router overnight, and got reassigned a different
> dynamic IP by my ISP.
>
> Today, my router alerted me that it was blocking the same source again trace
> routing my new IP address:
>
> 2015/03/27 19:45:23 --[DOS][Block][trace_route][70.42.24.18:36107->
> <MyIPAddress>:33444][UDP][HLen=20,TLen=44]
> 2015/03/27 19:45:24 --[DOS][Block][trace_route][70.42.24.18:36107->
> <MyIPAddress>:33445][UDP][HLen=20,TLen=44]
> 2015/03/27 19:45:28 --[DOS][Block][trace_route][70.42.24.24:36110->
> <MyIPAddress>:33441][UDP][HLen=20,TLen=44]
> 2015/03/27 19:45:29 --[DOS][Block][trace_route][70.42.24.24:36110->
> <MyIPAddress>:33442][UDP][HLen=20,TLen=44]
> 2015/03/27 19:45:33 --[DOS][Block][trace_route][70.42.24.27:36108->
> <MyIPAddress>:33443][UDP][HLen=20,TLen=44]
>
> I'm not running any servers on my home network, and I don't have any
> non-standard ports open.
>
$ host 70.42.24.18
18.24.42.70.in-addr.arpa domain name pointer performance-measurement-174-1.tor001.pnap.net.
You're not running Tor are you?
J
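
Added example, not part of the original message: a small Python parser for the router log lines quoted above. It groups the blocked packets by source and checks whether each one is a UDP packet to a port in the range classic UDP traceroute uses (starting at 33434, one higher per probe). The field layout is inferred from the five quoted lines, and the names LINE_RE, BASE_PORT, PORT_SPAN, parse and summarise are hypothetical.

```python
import re
from collections import defaultdict

# The five log lines from the quoted message, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
2015/03/27 19:45:23 --[DOS][Block][trace_route][70.42.24.18:36107-><MyIPAddress>:33444][UDP][HLen=20,TLen=44]
2015/03/27 19:45:24 --[DOS][Block][trace_route][70.42.24.18:36107-><MyIPAddress>:33445][UDP][HLen=20,TLen=44]
2015/03/27 19:45:28 --[DOS][Block][trace_route][70.42.24.24:36110-><MyIPAddress>:33441][UDP][HLen=20,TLen=44]
2015/03/27 19:45:29 --[DOS][Block][trace_route][70.42.24.24:36110-><MyIPAddress>:33442][UDP][HLen=20,TLen=44]
2015/03/27 19:45:33 --[DOS][Block][trace_route][70.42.24.27:36108-><MyIPAddress>:33443][UDP][HLen=20,TLen=44]
"""

# Assumption: field layout inferred from those five lines, not from Draytek documentation.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) --\[DOS\]\[Block\]\[(?P<rule>\w+)\]"
    r"\[(?P<src>[\d.]+):(?P<sport>\d+)->\s*(?P<dst>[^\]:]+):(?P<dport>\d+)\]"
    r"\[(?P<proto>\w+)\]\[HLen=(?P<hlen>\d+),TLen=(?P<tlen>\d+)\]")

# Classic UDP traceroute sends to destination port 33434 and adds one per probe.
BASE_PORT = 33434
PORT_SPAN = 100  # assumption: enough for 30 hops x 3 probes, with some slack

def parse(log_text):
    """Return one dict per blocked-packet entry; text that does not match is skipped."""
    events = []
    for m in LINE_RE.finditer(log_text):
        e = m.groupdict()
        for key in ("sport", "dport", "hlen", "tlen"):
            e[key] = int(e[key])
        events.append(e)
    return events

def summarise(events):
    """Per source: destination ports seen, and whether every packet fits UDP traceroute."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    return {
        src: {
            "ports": sorted(e["dport"] for e in evs),
            "probe_like": all(e["proto"] == "UDP" and
                              BASE_PORT <= e["dport"] < BASE_PORT + PORT_SPAN for e in evs),
        }
        for src, evs in by_src.items()
    }

if __name__ == "__main__":
    for src, info in summarise(parse(SAMPLE_LOG)).items():
        print(src, info["ports"], "traceroute-like" if info["probe_like"] else "other")
```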