January 28th, 2002, 04:37 AM
Insufficient Cached Information...
Question for anyone who is willing and able to answer...
Just recently I installed TPF (Tiny Personal Firewall) once the firewall went active every few minutest I would get a connection attempt from 220.127.116.11 - Ok, fine, lets see who this is, so I fire up Visual Route 6b and run a simple trace. The funny thing is that once the ip address is traced down to University College of the Fraser Valley, Abbotsford, BC the trace gives up and gives me this error:
"IP packets are being lost past network "University COllege of the Fraser Valley" at hop 13. There is insufficient cached information to dertermine the next network at hop 14. Node 18.104.22.168 at hop 13 in network University COllege of the Fraser Valley reports the destination host is unreachable"
Is this simply because someone has their machine off or what? I have since uninstalled TPF and installed NeoWatch, and I havent seen the connection attempt.... anyone have a good explination?
btw, NeoWatch: Good, Bad or Ugly??
January 28th, 2002, 05:03 PM
I would have to say that 22.214.171.124 is probably a firewall or a router doing NAT. Furthermore, whatever the device is, it is not responding to ping (which would make me more likely to believe it is a firewall), due to the "request timed out" message.
The .1 address is also indicative of a gateway device usually
So what is happening, is a user from within the remote network is trying to connect to your network. You see the .100.1 address because this is the address that all internal IP's are being NAT'ed to. Since the source ip is being translated, you will more than likely not be able to know the actual IP it is coming from. If it really becomes a concern, I would notify the admin of the network, and he/she can view the translation tables on the gateway to see where the traffic originates from. If all else fails, simply block that IP at your FW.
January 28th, 2002, 11:59 PM
That explination makes good sense, as to why the packets are dissapearing, thanks for the info. Interestingly enough since I have uninstalled TPF the attempts to connect to my machine from the .100.1 ip address have stoped.