From: jfesler@gigo.com
Date: Thu, 11 Feb 1999 17:44:13 -0800 (PST)
To: tetsuhiro
Cc: "isp@freebsd.org"
Subject: Re: Someone sent me a security notice

> Yesterday I got a following message from someone via email.
> I don't know who he/she is.

You can usually use "whois -h whois.internic.net xxx.net" to see who the
official contacts are.

>
> xxx@xxx.net wrote:
> > from our log files:
> >
> >Feb 9 12:14:39 smoke kernel: IP fw-in deny eth1 UDP 152.226.76.37:1277
>206.30.145.4:31337 L=46
> >S=0x00 I=1816 F=0x0000 T=108
> >
> > Times are -0500. Please investigate this matter and take appropriate action.
>
> What should I do?

Smells like a traceroute packet. Even if it was meant to be malicious,
UDP is too easily spoofable.

> Frankly speaking I can not understand what he/she wrote.
> I'd like to know he/she got my email address also.

Probably something like either tracerouting to your IP address, and looking
up contact info for the listed domain name, or by using
whois -h whois.arin.net 152.226.76.37 to see what listed info was available
that way.
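Added example, not part of the original message: a small decoder for the firewall log entry quoted in the thread, including the mail-client wrapping and ">" quoting. It assumes the Linux 2.0-era "IP fw-in" kernel log layout, where L is the IP total length, S the TOS byte, I the IP ID, F the flags/fragment-offset field and T the TTL; the function names are hypothetical, and the hop estimate is only a heuristic based on common initial TTL values.

```python
import re

# The log entry as it appears in the thread: wrapped and ">"-quoted by mail clients.
QUOTED = """\
> >Feb 9 12:14:39 smoke kernel: IP fw-in deny eth1 UDP 152.226.76.37:1277
>206.30.145.4:31337 L=46
> >S=0x00 I=1816 F=0x0000 T=108
"""

# Assumed field layout of the kernel firewall log line (see lead-in).
LINE_RE = re.compile(
    r"IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

def unquote(text):
    """Strip leading '>' quote markers and rejoin wrapped lines with single spaces."""
    parts = [re.sub(r"^[>\s]+", "", ln).strip() for ln in text.splitlines()]
    return " ".join(p for p in parts if p)

def parse_fw_line(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = LINE_RE.search(" ".join(line.split()))  # collapse runs of whitespace first
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    frag = int(rec.pop("frag"), 16)              # 16-bit flags + fragment offset
    rec["dont_fragment"] = bool(frag & 0x4000)
    rec["more_fragments"] = bool(frag & 0x2000)
    rec["frag_offset"] = (frag & 0x1FFF) * 8     # offset is stored in 8-byte units
    if rec["proto"] == "UDP":
        # Assumes a 20-byte IP header (no options) plus the 8-byte UDP header.
        rec["payload_len"] = rec["length"] - 20 - 8
    return rec

def estimate_hops(ttl):
    """Heuristic: assume the sender started at 32, 64, 128 or 255."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial, initial - ttl
    return None

if __name__ == "__main__":
    rec = parse_fw_line(unquote(QUOTED))
    print(rec, estimate_hops(rec["ttl"]))
```
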