The above capture is just one of how many, God knows? Apparently they are identical; only the source port changes between packets, in the range 40000-65000.

Frame 219 (74 bytes on wire, 74 bytes captured)
Arrival Time: Aug 18, 2003 00:04:38.372710000
Time delta from previous packet: 0.692336000 seconds
Time relative to first packet: 182.879577000 seconds
Frame Number: 219
Packet Length: 74 bytes
Capture Length: 74 bytes
Ethernet II, Src: 00:09:12:86:80:70, Dst: 00:10:4b:9a:12:c6
Destination: 00:10:4b:9a:12:c6 (3Com_9a:12:c6)
Source: 00:09:12:86:80:70 (Cisco_86:80:70)
Type: IP (0x0800)
Internet Protocol, Src Addr: dizzo (205.232.XXX.XXX), Dst Addr: ip80-81-XXX-XXX.kotivayla.net (80.81.XXX.XXX)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x8563
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (0x06)
Header checksum: 0xaa80 (correct)
Source: dizzo (205.232.XXX.XXX)
Destination: ip80-81-XXX-XXX.kotivayla.net (80.81.XXX.XXX)
Transmission Control Protocol, Src Port: 55615 (55615), Dst Port: 6881 (6881), Seq: 0, Ack: 0, Len: 0
Source port: 55615 (55615)
Destination port: 6881 (6881)
Sequence number: 0
Header length: 40 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 32768
Checksum: 0xb06c (correct)
Options: (20 bytes)
Maximum segment size: 1380 bytes
NOP
Window scale: 0 (multiply by 1)
NOP
NOP
Time stamp: tsval 3570602575, tsecr 0
The above is only a small sample of the firewall log.

1,[17/Aug/2003 18:15:59] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:02] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:05] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:08] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:11] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:11] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:14] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:14] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:17] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:20] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:26] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:32] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
Seems weird, since this has been going on since last Friday and originates from the USA. I have already notified the company to which the IP belongs about this issue.
I'd just like to know for sure what's going on.
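A small triage script for the firewall log quoted above, added here as an example and not part of the original post: it parses lines in that log's format, groups blocked packets by source port and reports how many seconds apart the repeats are, so the "same source port, a few seconds apart" pattern can be checked over the whole log rather than eyeballed. Function names and the regular expression are mine; the sample lines are copied from the post, with the source address masked as there.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: six lines copied from the log quoted in the post (address masked as there).
SAMPLE_LOG = """\
1,[17/Aug/2003 18:15:59] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:02] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:05] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54373]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:11] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:14] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
1,[17/Aug/2003 18:16:17] Rule 'Packet to unopened port received': Blocked: In TCP, dizzo [205.232.XXX.XXX:54466]->localhost:6881, Owner: no owner
"""
# One line of the format shown above: counter, [timestamp] Rule '...': action: direction proto,
# host [src:sport]->dst:dport, Owner: ...  (the trailing "Owner" field is not needed here).
LINE_RE = re.compile(
    r"^\d+,\[(?P<ts>[^\]]+)\] Rule '(?P<rule>[^']+)': (?P<action>\w+): "
    r"(?P<direction>In|Out) (?P<proto>\w+), (?P<shost>\S+) "
    r"\[(?P<src>[^\]:]+):(?P<sport>\d+)\]->(?P<dst>[^:]+):(?P<dport>\d+)"
)

def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y %H:%M:%S")
        ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
        events.append(ev)
    return events

def summarize_flows(events):
    """Group blocked packets by (src, sport, dport); report attempts and the gaps (seconds)
    between them. Repeats on one source port a few seconds apart are a client retrying
    an unanswered SYN; a scan would instead spread across many destination ports."""
    flows = defaultdict(list)
    for ev in events:
        flows[(ev["src"], ev["sport"], ev["dport"])].append(ev["ts"])
    out = {}
    for key, times in flows.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out[key] = {"attempts": len(times), "gaps": gaps}
    return out

def looks_like_syn_retries(summary, min_attempts=3):
    """True when every source port was seen repeatedly against one and the same destination port."""
    dports = {key[2] for key in summary}
    return len(dports) == 1 and all(v["attempts"] >= min_attempts for v in summary.values())
```

Run `summarize_flows(parse_log(SAMPLE_LOG))` on a full log export to see, per source port, how many times the same connection was retried and at what spacing.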