Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Is this a traceroute?
From: Blake Frantz <blake () mc net>
Date: Thu, 26 Jul 2001 11:31:12 -0500 (CDT)


Looks like it to me.

<man traceroute>

"The only mandatory parameter is the destination host name or IP number.
The default probe datagram length is 40 bytes, but this may be increased
by specifying a packet length (in bytes) after the destination host name.
...

 -p     Set  the  base UDP port number used in probes (default is 33434).
Traceroute hopes .... "
</man traceroute>

Notice the Length of 40 and the destination port ~ 33400 + <probe number>

hope this helps.

-Blake

================================================================= 
The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Wed, 25 Jul 2001, Ford Prefect wrote:


I'm not worried about this scan, simply because I'm confident in my
firewall (namely 'cause almost everything's closed off, and what isn't I
keep up with on exploits and such), but I usually raise an eyebrow when
there's more than a packet or two.  Before I fire off a letter to some
ISP, however, is this "scan" a traceroute that failed because of the
firewall?  I wouldn't consider myself strong enough with packet
fingerprinting to just look at it and know, so I want to ask here before
I make an ass of myself to another admin *grin*

(IP addresses filtered out)

Jul 20 18:38:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33507 L=40 S=0x00 I=53411 
F=0x0000 T=1 (#65)
Jul 20 18:38:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33508 L=40 S=0x00 I=53412 
F=0x0000 T=1 (#65)
Jul 20 18:38:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33509 L=40 S=0x00 I=53413 
F=0x0000 T=1 (#65)
Jul 20 18:38:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33510 L=40 S=0x00 I=53414 
F=0x0000 T=2 (#65)
Jul 20 18:38:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33511 L=40 S=0x00 I=53415 
F=0x0000 T=2 (#65)
Jul 20 18:38:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33512 L=40 S=0x00 I=53416 
F=0x0000 T=2 (#65)
Jul 20 18:38:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33513 L=40 S=0x00 I=53417 
F=0x0000 T=3 (#65)
Jul 20 18:38:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33514 L=40 S=0x00 I=53418 
F=0x0000 T=3 (#65)
Jul 20 18:38:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33515 L=40 S=0x00 I=53419 
F=0x0000 T=3 (#65)
Jul 20 18:38:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33516 L=40 S=0x00 I=53420 
F=0x0000 T=4 (#65)
Jul 20 18:39:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33517 L=40 S=0x00 I=53421 
F=0x0000 T=4 (#65)
Jul 20 18:39:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33518 L=40 S=0x00 I=53422 
F=0x0000 T=4 (#65)
Jul 20 18:39:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33519 L=40 S=0x00 I=53423 
F=0x0000 T=5 (#65)
Jul 20 18:39:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33520 L=40 S=0x00 I=53424 
F=0x0000 T=5 (#65)
Jul 20 18:39:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33521 L=40 S=0x00 I=53425 
F=0x0000 T=5 (#65)
Jul 20 18:39:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33522 L=40 S=0x00 I=53426 
F=0x0000 T=6 (#65)
Jul 20 18:39:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33523 L=40 S=0x00 I=53427 
F=0x0000 T=6 (#65)
Jul 20 18:39:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33524 L=40 S=0x00 I=53428 
F=0x0000 T=6 (#65)
Jul 20 18:39:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33525 L=40 S=0x00 I=53429 
F=0x0000 T=7 (#65)
Jul 20 18:39:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33526 L=40 S=0x00 I=53430 
F=0x0000 T=7 (#65)
Jul 20 18:39:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33527 L=40 S=0x00 I=53431 
F=0x0000 T=7 (#65)
Jul 20 18:39:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33528 L=40 S=0x00 I=53432 
F=0x0000 T=8 (#65)
Jul 20 18:40:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33529 L=40 S=0x00 I=53433 
F=0x0000 T=8 (#65)
Jul 20 18:40:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33530 L=40 S=0x00 I=53434 
F=0x0000 T=8 (#65)
Jul 20 18:40:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33531 L=40 S=0x00 I=53435 
F=0x0000 T=9 (#65)
Jul 20 18:40:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33532 L=40 S=0x00 I=53436 
F=0x0000 T=9 (#65)
Jul 20 18:40:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33533 L=40 S=0x00 I=53437 
F=0x0000 T=9 (#65)
Jul 20 18:40:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33534 L=40 S=0x00 I=53438 
F=0x0000 T=10 (#65)
Jul 20 18:40:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33535 L=40 S=0x00 I=53439 
F=0x0000 T=10 (#65)
Jul 20 18:40:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33536 L=40 S=0x00 I=53440 
F=0x0000 T=10 (#65)
Jul 20 18:40:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33537 L=40 S=0x00 I=53441 
F=0x0000 T=11 (#65)
Jul 20 18:40:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33538 L=40 S=0x00 I=53442 
F=0x0000 T=11 (#65)
Jul 20 18:40:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33539 L=40 S=0x00 I=53443 
F=0x0000 T=11 (#65)
Jul 20 18:40:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33540 L=40 S=0x00 I=53444 
F=0x0000 T=12 (#65)
Jul 20 18:41:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33541 L=40 S=0x00 I=53445 
F=0x0000 T=12 (#65)
Jul 20 18:41:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33542 L=40 S=0x00 I=53446 
F=0x0000 T=12 (#65)
Jul 20 18:41:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33545 L=40 S=0x00 I=53449 
F=0x0000 T=13 (#65)
Jul 20 18:41:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33546 L=40 S=0x00 I=53450 
F=0x0000 T=14 (#65)
Jul 20 18:41:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33547 L=40 S=0x00 I=53451 
F=0x0000 T=14 (#65)
Jul 20 18:41:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33548 L=40 S=0x00 I=53452 
F=0x0000 T=14 (#65)
Jul 20 18:41:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33549 L=40 S=0x00 I=53453 
F=0x0000 T=15 (#65)
Jul 20 18:41:45 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33550 L=40 S=0x00 I=53454 
F=0x0000 T=15 (#65)
Jul 20 18:41:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33551 L=40 S=0x00 I=53455 
F=0x0000 T=15 (#65)
Jul 20 18:41:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33552 L=40 S=0x00 I=53456 
F=0x0000 T=16 (#65)
Jul 20 18:42:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33553 L=40 S=0x00 I=53457 
F=0x0000 T=16 (#65)
Jul 20 18:42:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33554 L=40 S=0x00 I=53458 
F=0x0000 T=16 (#65)
Jul 20 18:42:10 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33555 L=40 S=0x00 I=53459 
F=0x0000 T=17 (#65)
Jul 20 18:42:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33556 L=40 S=0x00 I=53460 
F=0x0000 T=17 (#65)
Jul 20 18:42:20 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33557 L=40 S=0x00 I=53461 
F=0x0000 T=17 (#65)
Jul 20 18:42:25 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33558 L=40 S=0x00 I=53462 
F=0x0000 T=18 (#65)
Jul 20 18:42:30 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33559 L=40 S=0x00 I=53463 
F=0x0000 T=18 (#65)
Jul 20 18:42:35 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33560 L=40 S=0x00 I=53464 
F=0x0000 T=18 (#65)
Jul 20 18:42:40 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33561 L=40 S=0x00 I=53465 
F=0x0000 T=19 (#65)
Jul 20 18:42:46 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33562 L=40 S=0x00 I=53466 
F=0x0000 T=19 (#65)
Jul 20 18:42:50 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33563 L=40 S=0x00 I=53467 
F=0x0000 T=19 (#65)
Jul 20 18:42:55 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33564 L=40 S=0x00 I=53468 
F=0x0000 T=20 (#65)
Jul 20 18:43:00 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33565 L=40 S=0x00 I=53469 
F=0x0000 T=20 (#65)
Jul 20 18:43:05 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33566 L=40 S=0x00 I=53470 
F=0x0000 T=20 (#65)
Jul 20 18:43:11 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33567 L=40 S=0x00 I=53471 
F=0x0000 T=21 (#65)
Jul 20 18:43:15 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33568 L=40 S=0x00 I=53472 
F=0x0000 T=21 (#65)
Jul 20 18:43:21 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33569 L=40 S=0x00 I=53473 
F=0x0000 T=21 (#65)
Jul 20 18:43:26 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33570 L=40 S=0x00 I=53474 
F=0x0000 T=22 (#65)
Jul 20 18:43:31 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33571 L=40 S=0x00 I=53475 
F=0x0000 T=22 (#65)
Jul 20 18:43:36 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33572 L=40 S=0x00 I=53476 
F=0x0000 T=22 (#65)
Jul 20 18:43:41 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33573 L=40 S=0x00 I=53477 
F=0x0000 T=23 (#65)
Jul 20 18:43:46 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33574 L=40 S=0x00 I=53478 
F=0x0000 T=23 (#65)
Jul 20 18:43:51 joshua kernel: Packet log: input DENY eth1 PROTO=17 x.x.x.x:53338 x.x.x.x:33575 L=40 S=0x00 I=53479 
F=0x0000 T=23 (#65)



-- 
Steve Huston - New Jersey, USA        |        ICBM: 39.458278 -74.65117
"Listen, your friends have been broken, they tell us of your poison; now
 we know.  Kill them, give them as they give us.  Slay them, burn their
 children's laughter - On To Hell."  -- Yes, "The Gates of Delirium"




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]