Dave Sherohman <esper at sherohman.org> wrote:
> 
> The last week or so, one of my machines has been logging a lot of ICMP
> destination unreachables from a VA Linux address.  But I have no idea
> why it would be talking to VA at all.
> 
> I've set up an ngrep session to log all traffic to and from
> 198.186.200.0/22, which is the block containing the address sending me
> the dest unreachables, but is there a better way to find out why this
> box keeps talking to them?

My first thought is that the address looks strikingly similar to
192.168.x.y, one of the internal address ranges.  There might just be a
misconfiguration somewhere, a typo or something.

When I was at the U, I once logged some telnet connection attempts from a
system at the National Guard in California.  You can imagine how spooked I
was to see a .mil address in my logs ;-)  However, it just happened that
someone had typed an IP address incorrectly.

Dig around, see what you can find.  If you still can't figure anything
out, get in contact with your ISP and/or VA.  There's a decent chance that
someone else is scratching their head trying to figure it out.

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   You have saved our lives, 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   we are eternally  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  grateful! 
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
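
Added example, not part of the original message: one way to do the "dig around" step is to scan local configuration text for public addresses that fall inside the block from the thread or that sit a keystroke or two away from the 192.168 private prefix. The sample lines, the function names and the distance threshold of 2 are assumptions made for this illustration.

```python
import ipaddress
import re

# Block named in the thread, and the private prefix the reply suspects was meant.
SUSPECT_NET = ipaddress.ip_network("198.186.200.0/22")
PRIVATE_PREFIX = "192.168"
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def scan(lines, max_dist=2):
    """Return (line number, address, in suspect block, distance to 192.168)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for text in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid IPv4 address, e.g. 999.1.1.1
            if addr.is_private:
                continue  # a correctly typed internal address is not a finding
            dist = osa_distance(".".join(text.split(".")[:2]), PRIVATE_PREFIX)
            in_block = addr in SUSPECT_NET
            if in_block or dist <= max_dist:
                findings.append((lineno, text, in_block, dist))
    return findings

# Constructed sample configuration lines (not taken from any real host).
SAMPLE = [
    "nameserver 192.168.1.1",
    "ntp-server 198.186.203.20",
    "syslog-host 192.186.1.5",
    "forwarders { 8.8.8.8; };",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

On a real host, feed it the lines of the files under /etc or of an application's configuration instead of SAMPLE; a hit only says the address deserves a second look.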