Date: Tue, 18 Dec 2001 13:38:18 -0500
From: parv <parv_@yahoo.com>
To: f-q <freebsd-questions@freebsd.org>
Subject: any way to locate the real source ip of an 10/8 address?
Message-ID: <20011218133818.A23891@moo.holy.cow>

is there hope of locating the real ip address behind a 10.0.0.0/8
address in general? i wouldn't have minded it if ipf blocked only a few
of them. but i am seeing an ip address blocked very often. below are
two of the >90 ipf alerts w/ most relevant information...

  b 10.112.1.1,80 -> a.b.c.d,port PR tcp len 20 1500 -A 1044505376 3051010357 17140 IN
  b 10.112.1.1,80 -> a.b.c.d,port PR tcp len 20 817 -AFP 248335848 1496692188 17204 IN

...here is ipf rule for sake of completeness...

  block in log body quick on tun0 from 10.0.0.0/8 to any group 200

...somehow it seems to coincide just after images have been loaded
from...

  http://www.timex.com/

...select "watch finder" from the first page, then any watch line, then
"see the entire line" somewhere at the bottom, then wait for the block
alerts.

-- curious --

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

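One way to summarize alerts like the two quoted above, as an added example that is not part of the original message: it tallies blocked inbound packets with a private source address and decodes the TCP flags. The field layout (header length, packet length, flags, sequence, acknowledgement, window) is an assumption taken from the trimmed lines in the post, not full ipmon output, and the function names and the third sample line are constructed here.

```python
import ipaddress
import re
from collections import Counter

# Layout assumed from the trimmed alerts in the post:
# action src,sport -> dst,dport PR proto len hdrlen pktlen -FLAGS seq ack win DIR
LINE = re.compile(
    r"^(?P<action>\S+)\s+(?P<src>[\d.]+),(?P<sport>\w+)\s+->\s+"
    r"(?P<dst>\S+),(?P<dport>\w+)\s+PR\s+(?P<proto>\w+)\s+len\s+"
    r"(?P<hlen>\d+)\s+(?P<plen>\d+)\s+-(?P<flags>[A-Z]+)\s+"
    r"(?P<seq>\d+)\s+(?P<ack>\d+)\s+(?P<win>\d+)\s+(?P<dir>IN|OUT)$"
)
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "P": "PUSH", "R": "RST", "U": "URG"}
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_alert(line):
    """Return a dict of fields for one alert line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["flag_names"] = [FLAG_NAMES.get(c, c) for c in rec["flags"]]
    src = ipaddress.ip_address(rec["src"])
    rec["private_src"] = any(src in net for net in PRIVATE_NETS)
    # ACK set without SYN: not a connection-opening segment
    rec["mid_stream"] = "A" in rec["flags"] and "S" not in rec["flags"]
    return rec

def summarize(lines):
    """Count blocked inbound packets per (private source, source port, mid_stream)."""
    counts = Counter()
    for line in lines:
        rec = parse_alert(line)
        if rec and rec["action"] == "b" and rec["dir"] == "IN" and rec["private_src"]:
            counts[(rec["src"], rec["sport"], rec["mid_stream"])] += 1
    return counts

SAMPLE = [
    # the two alerts quoted in the post
    "b 10.112.1.1,80 -> a.b.c.d,port PR tcp len 20 1500 -A 1044505376 3051010357 17140 IN",
    "b 10.112.1.1,80 -> a.b.c.d,port PR tcp len 20 817 -AFP 248335848 1496692188 17204 IN",
    # constructed line with a documentation-range source, to show it is not counted
    "b 192.0.2.7,80 -> a.b.c.d,port PR tcp len 20 40 -S 1 0 512 IN",
]

if __name__ == "__main__":
    for (src, sport, mid), n in summarize(SAMPLE).items():
        print(f"{n} blocked from {src} port {sport}, mid-stream segments: {mid}")
```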
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011218133818.A23891>