Results 1 to 3 of 3

Thread: Insufficient Cached Information...

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    2

    Question Insufficient Cached Information...

    Question for anyone who is willing and able to answer...

    Just recently I installed TPF (Tiny Personal Firewall) once the firewall went active every few minutest I would get a connection attempt from 198.162.100.1 - Ok, fine, lets see who this is, so I fire up Visual Route 6b and run a simple trace. The funny thing is that once the ip address is traced down to University College of the Fraser Valley, Abbotsford, BC the trace gives up and gives me this error:

    "IP packets are being lost past network "University COllege of the Fraser Valley" at hop 13. There is insufficient cached information to dertermine the next network at hop 14. Node 198.162.110.34 at hop 13 in network University COllege of the Fraser Valley reports the destination host is unreachable"

    Is this simply because someone has their machine off or what? I have since uninstalled TPF and installed NeoWatch, and I havent seen the connection attempt.... anyone have a good explination?

    btw, NeoWatch: Good, Bad or Ugly??

    Fable

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I would have to say that 198.162.100.1 is probably a firewall or a router doing NAT. Furthermore, whatever the device is, it is not responding to ping (which would make me more likely to believe it is a firewall), due to the "request timed out" message.

    The .1 address is also indicative of a gateway device usually

    So what is happening, is a user from within the remote network is trying to connect to your network. You see the .100.1 address because this is the address that all internal IP's are being NAT'ed to. Since the source ip is being translated, you will more than likely not be able to know the actual IP it is coming from. If it really becomes a concern, I would notify the admin of the network, and he/she can view the translation tables on the gateway to see where the traffic originates from. If all else fails, simply block that IP at your FW.

  3. #3
    Junior Member
    Join Date
    Jan 2002
    Posts
    2
    That explination makes good sense, as to why the packets are dissapearing, thanks for the info. Interestingly enough since I have uninstalled TPF the attempts to connect to my machine from the .100.1 ip address have stoped.

    Thanks again!
    Fable

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •