Re: Is this a traceroute?

From: Blake Frantz (blake@mc.net)
Date: 07/26/01


Date: Thu, 26 Jul 2001 11:31:12 -0500 (CDT)
From: Blake Frantz <blake@mc.net>
To: Ford Prefect <huston@elvis.rowan.edu>
Subject: Re: Is this a traceroute?
Message-ID: <Pine.BSI.4.05L.10107261112400.14717-100000@maxx.mc.net>


Looks like it to me.

<man traceroute>

"The only mandatory parameter is the destination host name or IP number.
The default probe datagram length is 40 bytes, but this may be increased
by specifying a packet length (in bytes) after the destination host name.
...

 -p Set the base UDP port number used in probes (default is 33434).
Traceroute hopes .... "
</man traceroute>

Notice the Length of 40 and the destination port ~ 33400 + <probe number>

Hope this helps.

-Blake

=================================================================
The Government, like diapers, should be replaced regularly, and
often for the same reasons.

On Wed, 25 Jul 2001, Ford Prefect wrote:

> I'm not worried about this scan, simply because I'm confident in my
> firewall (namely 'cause almost everything's closed off, and what isn't I
> keep up with on exploits and such), but I usually raise an eyebrow when
> there's more than a packet or two. Before I fire off a letter to some
> ISP, however, is this "scan" a traceroute that failed because of the
> firewall? I wouldn't consider myself strong enough with packet
> fingerprinting to just look at it and know, so I want to ask here before
> I make an ass of myself to another admin *grin*
>
> (IP addresses filtered out)
>
> Jul 20 18:38:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33507 L=40 S=0x00 I=53411 F=0x0000 T=1 (#65)
> Jul 20 18:38:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33508 L=40 S=0x00 I=53412 F=0x0000 T=1 (#65)
> Jul 20 18:38:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33509 L=40 S=0x00 I=53413 F=0x0000 T=1 (#65)
> Jul 20 18:38:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33510 L=40 S=0x00 I=53414 F=0x0000 T=2 (#65)
> Jul 20 18:38:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33511 L=40 S=0x00 I=53415 F=0x0000 T=2 (#65)
> Jul 20 18:38:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33512 L=40 S=0x00 I=53416 F=0x0000 T=2 (#65)
> Jul 20 18:38:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33513 L=40 S=0x00 I=53417 F=0x0000 T=3 (#65)
> Jul 20 18:38:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33514 L=40 S=0x00 I=53418 F=0x0000 T=3 (#65)
> Jul 20 18:38:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33515 L=40 S=0x00 I=53419 F=0x0000 T=3 (#65)
> Jul 20 18:38:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33516 L=40 S=0x00 I=53420 F=0x0000 T=4 (#65)
> Jul 20 18:39:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33517 L=40 S=0x00 I=53421 F=0x0000 T=4 (#65)
> Jul 20 18:39:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33518 L=40 S=0x00 I=53422 F=0x0000 T=4 (#65)
> Jul 20 18:39:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33519 L=40 S=0x00 I=53423 F=0x0000 T=5 (#65)
> Jul 20 18:39:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33520 L=40 S=0x00 I=53424 F=0x0000 T=5 (#65)
> Jul 20 18:39:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33521 L=40 S=0x00 I=53425 F=0x0000 T=5 (#65)
> Jul 20 18:39:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33522 L=40 S=0x00 I=53426 F=0x0000 T=6 (#65)
> Jul 20 18:39:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33523 L=40 S=0x00 I=53427 F=0x0000 T=6 (#65)
> Jul 20 18:39:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33524 L=40 S=0x00 I=53428 F=0x0000 T=6 (#65)
> Jul 20 18:39:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33525 L=40 S=0x00 I=53429 F=0x0000 T=7 (#65)
> Jul 20 18:39:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33526 L=40 S=0x00 I=53430 F=0x0000 T=7 (#65)
> Jul 20 18:39:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33527 L=40 S=0x00 I=53431 F=0x0000 T=7 (#65)
> Jul 20 18:39:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33528 L=40 S=0x00 I=53432 F=0x0000 T=8 (#65)
> Jul 20 18:40:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33529 L=40 S=0x00 I=53433 F=0x0000 T=8 (#65)
> Jul 20 18:40:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33530 L=40 S=0x00 I=53434 F=0x0000 T=8 (#65)
> Jul 20 18:40:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33531 L=40 S=0x00 I=53435 F=0x0000 T=9 (#65)
> Jul 20 18:40:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33532 L=40 S=0x00 I=53436 F=0x0000 T=9 (#65)
> Jul 20 18:40:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33533 L=40 S=0x00 I=53437 F=0x0000 T=9 (#65)
> Jul 20 18:40:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33534 L=40 S=0x00 I=53438 F=0x0000 T=10 (#65)
> Jul 20 18:40:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33535 L=40 S=0x00 I=53439 F=0x0000 T=10 (#65)
> Jul 20 18:40:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33536 L=40 S=0x00 I=53440 F=0x0000 T=10 (#65)
> Jul 20 18:40:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33537 L=40 S=0x00 I=53441 F=0x0000 T=11 (#65)
> Jul 20 18:40:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33538 L=40 S=0x00 I=53442 F=0x0000 T=11 (#65)
> Jul 20 18:40:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33539 L=40 S=0x00 I=53443 F=0x0000 T=11 (#65)
> Jul 20 18:40:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33540 L=40 S=0x00 I=53444 F=0x0000 T=12 (#65)
> Jul 20 18:41:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33541 L=40 S=0x00 I=53445 F=0x0000 T=12 (#65)
> Jul 20 18:41:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33542 L=40 S=0x00 I=53446 F=0x0000 T=12 (#65)
> Jul 20 18:41:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33545 L=40 S=0x00 I=53449 F=0x0000 T=13 (#65)
> Jul 20 18:41:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33546 L=40 S=0x00 I=53450 F=0x0000 T=14 (#65)
> Jul 20 18:41:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33547 L=40 S=0x00 I=53451 F=0x0000 T=14 (#65)
> Jul 20 18:41:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33548 L=40 S=0x00 I=53452 F=0x0000 T=14 (#65)
> Jul 20 18:41:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33549 L=40 S=0x00 I=53453 F=0x0000 T=15 (#65)
> Jul 20 18:41:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33550 L=40 S=0x00 I=53454 F=0x0000 T=15 (#65)
> Jul 20 18:41:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33551 L=40 S=0x00 I=53455 F=0x0000 T=15 (#65)
> Jul 20 18:41:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33552 L=40 S=0x00 I=53456 F=0x0000 T=16 (#65)
> Jul 20 18:42:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33553 L=40 S=0x00 I=53457 F=0x0000 T=16 (#65)
> Jul 20 18:42:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33554 L=40 S=0x00 I=53458 F=0x0000 T=16 (#65)
> Jul 20 18:42:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33555 L=40 S=0x00 I=53459 F=0x0000 T=17 (#65)
> Jul 20 18:42:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33556 L=40 S=0x00 I=53460 F=0x0000 T=17 (#65)
> Jul 20 18:42:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33557 L=40 S=0x00 I=53461 F=0x0000 T=17 (#65)
> Jul 20 18:42:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33558 L=40 S=0x00 I=53462 F=0x0000 T=18 (#65)
> Jul 20 18:42:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33559 L=40 S=0x00 I=53463 F=0x0000 T=18 (#65)
> Jul 20 18:42:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33560 L=40 S=0x00 I=53464 F=0x0000 T=18 (#65)
> Jul 20 18:42:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33561 L=40 S=0x00 I=53465 F=0x0000 T=19 (#65)
> Jul 20 18:42:46 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33562 L=40 S=0x00 I=53466 F=0x0000 T=19 (#65)
> Jul 20 18:42:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33563 L=40 S=0x00 I=53467 F=0x0000 T=19 (#65)
> Jul 20 18:42:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33564 L=40 S=0x00 I=53468 F=0x0000 T=20 (#65)
> Jul 20 18:43:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33565 L=40 S=0x00 I=53469 F=0x0000 T=20 (#65)
> Jul 20 18:43:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33566 L=40 S=0x00 I=53470 F=0x0000 T=20 (#65)
> Jul 20 18:43:11 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33567 L=40 S=0x00 I=53471 F=0x0000 T=21 (#65)
> Jul 20 18:43:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33568 L=40 S=0x00 I=53472 F=0x0000 T=21 (#65)
> Jul 20 18:43:21 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33569 L=40 S=0x00 I=53473 F=0x0000 T=21 (#65)
> Jul 20 18:43:26 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33570 L=40 S=0x00 I=53474 F=0x0000 T=22 (#65)
> Jul 20 18:43:31 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33571 L=40 S=0x00 I=53475 F=0x0000 T=22 (#65)
> Jul 20 18:43:36 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33572 L=40 S=0x00 I=53476 F=0x0000 T=22 (#65)
> Jul 20 18:43:41 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33573 L=40 S=0x00 I=53477 F=0x0000 T=23 (#65)
> Jul 20 18:43:46 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33574 L=40 S=0x00 I=53478 F=0x0000 T=23 (#65)
> Jul 20 18:43:51 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33575 L=40 S=0x00 I=53479 F=0x0000 T=23 (#65)
>
>
>
> --
> Steve Huston - New Jersey, USA | ICBM: 39.458278 -74.65117
> "Listen, your friends have been broken, they tell us of your poison; now
> we know. Kill them, give them as they give us. Slay them, burn their
> children's laughter - On To Hell." -- Yes, "The Gates of Delirium"
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
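
Added example (not part of the original thread, and not code from either poster): a Python check that runs the signature discussed above over ipchains "Packet log" lines, looking for a single UDP flow of 40-byte packets with rising destination ports above 33434 and a TTL that steps upward. The function names, the sample addresses and the hop estimate are assumptions of this example; the estimate assumes the first probe goes to base port + 1 and three probes are sent per TTL.

```python
import re

# Field layout of an ipchains "Packet log" line, as in the quoted log above.
LOG_RE = re.compile(
    r"Packet log: \S+ \S+ \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*?\bT=(?P<ttl>\d+)")

BASE_PORT = 33434      # default base UDP port quoted from the man page
PROBES_PER_HOP = 3     # assumption: traceroute's default of three probes per TTL

def parse(lines):
    """Extract the numeric fields of every line that matches the log format."""
    pkts = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            pkts.append({k: (v if k in ("src", "dst") else int(v))
                         for k, v in m.groupdict().items()})
    return pkts

def looks_like_traceroute(pkts, min_probes=6):
    """True if one UDP flow shows 40-byte probes, rising ports and stepping TTL."""
    if len(pkts) < min_probes:
        return False
    if len({(p["src"], p["sport"], p["dst"]) for p in pkts}) != 1:
        return False
    if any(p["proto"] != 17 or p["length"] != 40 for p in pkts):
        return False
    ports = [p["dport"] for p in pkts]
    ttls = [p["ttl"] for p in pkts]
    rising = ports[0] > BASE_PORT and all(b > a for a, b in zip(ports, ports[1:]))
    stepping = all(0 <= b - a <= 1 for a, b in zip(ttls, ttls[1:]))
    return rising and stepping and ttls[-1] > ttls[0]

def hops_away(pkt):
    """Sender's TTL inferred from the port offset, minus the TTL seen on arrival.
    Assumes the first probe goes to BASE_PORT + 1 and three probes per TTL."""
    sent_ttl = (pkt["dport"] - BASE_PORT - 1) // PROBES_PER_HOP + 1
    return sent_ttl - pkt["ttl"]

# Constructed sample in the format of the quoted log (documentation addresses).
SAMPLE = [
    f"Jul 20 18:38:{10 + 5 * i:02d} joshua kernel: Packet log: input DENY eth1 PROTO=17 "
    f"192.0.2.10:53338 198.51.100.20:{33507 + i} L=40 S=0x00 I={53411 + i} "
    f"F=0x0000 T={1 + i // 3} (#65)"
    for i in range(9)]

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    print(looks_like_traceroute(pkts), sorted({hops_away(p) for p in pkts}))
```

A hop estimate that stays constant across the whole run is a further sign that the port and TTL are advancing together the way a traceroute's probes do; a port scan typically arrives with a fixed TTL and fails the stepping test.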


