Invalid Packets From the DoD
Posted December 28, 2009 – 16:40 in: Nullamatix, syndicated

The firewall policies on Nullamatix.com DROP invalid connection attempts. Specifically, if an attempt to start a new TCP connection is not a SYN packet, the packet is rejected. This morning I noticed a few dropped connection attempts from an unusual source, the U.S. Department of Defense. Here are the logs:
Dec 27 05:00:38: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:01:53: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:03:08: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:04:23: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:05:38: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:06:53: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:09:23: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 18 09:25:19: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:26:34: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:27:49: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:29:04: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:30:19: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:31:34: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:32:49: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:34:04: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
What’s really interesting is the lack of Lighttpd logs. Based on the logs I have, that IP has never made a legitimate visit to any of the sites hosted on this server. So what’s the DoD up to? I don’t mind them visiting at all, but why the invalid connection attempts? If someone at the DoD wants some information about this server, all they have to do is ask.
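An added example, not part of the original post: a short Python script that groups the dropped packets by source address and port and measures the spacing between them, tolerating a log entry missing from the cadence. The sample lines are a subset of the post's entries, the year is an assumption (the log format has none), and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
from functools import reduce
from math import gcd

# Constructed sample: a subset of the post's drop entries, one per line.
SAMPLE = """\
Dec 27 05:00:38: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:01:53: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:03:08: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:04:23: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:05:38: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:06:53: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 27 05:09:23: SRC=140.32.107.150 PROTO=TCP SPT=53175 DPT=80
Dec 18 09:25:19: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:26:34: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:27:49: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
Dec 18 09:29:04: SRC=140.32.107.150 PROTO=TCP SPT=11601 DPT=80
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}): SRC=(?P<src>\S+) "
                  r"PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)$")

def group_flows(text, year=2009):  # year is assumed; the log lines carry none
    """Map (src, sport, dport) -> sorted timestamps of dropped packets."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # skip anything that is not a drop entry
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            flows[(m["src"], int(m["spt"]), int(m["dpt"]))].append(ts)
    return {k: sorted(v) for k, v in flows.items()}

def summarize(flows):
    """Per flow: count, base period (s), and entries missing from the cadence."""
    report = {}
    for key, stamps in flows.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        period = reduce(gcd, gaps) if gaps else None
        # Regular only if the shortest gap equals the period, so one skipped
        # entry (a 2x gap) still fits the cadence but random spacing does not.
        regular = bool(period) and min(gaps) == period
        missed = sum(g // period - 1 for g in gaps) if regular else None
        report[key] = dict(count=len(stamps), period=period, regular=regular, missed=missed)
    return report

if __name__ == "__main__":
    print(summarize(group_flows(SAMPLE)))
```

On these entries each burst is a single source port repeating at a 75-second period, with one entry missing from the Dec 27 burst.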
Whois Information for 140.32.107.150
OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
NetRange: 140.32.0.0 - 140.32.255.255
CIDR: 140.32.0.0/16
NetName: SUM-DET-5
NetHandle: NET-140-32-0-0-1
Parent: NET-140-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.ARL.ARMY.MIL
NameServer: NS1.NOSC.MIL
NameServer: NS1.HPCMO.HPC.MIL
Comment:
RegDate: 1990-04-08
Updated: 2007-08-23
OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: HOST...@nic.mil
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGI...@nic.mil



