Curiouser

on 01.03.2007 00:16:57 by Rick Merrill

so my firewall.log has

2007-02-25 18:56:41 DROP TCP 169.229.252.77 192.168.0.90 80 1141 1500 A 3198491085 832219613 65535 - - - RECEIVE


and
whois 169.229.252.77 yields
Final results obtained from whois.arin.net.
Results:
University of California, Office of the President UCSD-NET-169-228
(NET-169-229-0-0-1) 169.229.0.0 - 169.233.255.255


What is that all about?

Re: Curiouser

on 01.03.2007 10:45:40 by unknown

Post removed (X-No-Archive: yes)

Re: Curiouser

on 01.03.2007 17:28:40 by Rick Merrill

Sebastian Gottschalk wrote:
> Rick Merrill wrote:
>
>> What is that all about?
>
> Common internet noise. You're cluttering up your logfile with noise.

I know it is common, and I am not worried about it, just curious.

Am I being pinged by the office of the president of University of
California?

Re: Curiouser

on 01.03.2007 17:36:23 by unknown

Post removed (X-No-Archive: yes)

Re: Curiouser

on 01.03.2007 20:52:29 by ibuprofin

On Wed, 28 Feb 2007, in the Usenet newsgroup comp.security.firewalls, in article
, Rick Merrill wrote:

>so my firewall.log has
>
>2007-02-25 18:56:41 DROP TCP 169.229.252.77 192.168.0.90 80 1141 1500 A
>3198491085 832219613 65535 - - - RECEIVE
>
>
>and
> whois 169.229.252.77 yields

Rick, you post something without context, and incompletely researched,
and you expect positive results?

>What is that all about?

Not enough context. 169.229.252.77 is a web/mail/index server at UC
Bezerkeley - do you have some Cal alums that might be checking their
mail, seeing if their grades are in or some other reason to be connecting
to the Physics department there? Ask them.

A poorly explained log snippet is otherwise just a waste of your time.
As a very wild guess, you've got the firewall set aggressively, and this
MIGHT be a delayed response (notice the flags, port and sequence numbers).
But with a complete lack of details and context - who knows.

>Final results obtained from whois.arin.net.
>Results:

and you're using some shiny crappy toy instead of tools that are found
on nearly all competently installed *nix boxes, and as usual - the crap
tool is providing misleading information. "UCSD-NET-169-228" is a parent
assignment, and not the final (which is UC Berkeley ISTDATA) - though a
simple host lookup would be even more informative.

Old guy

Re: Curiouser

on 01.03.2007 22:02:08 by Rick Merrill

Moe Trin wrote:
> On Wed, 28 Feb 2007, in the Usenet newsgroup comp.security.firewalls, in article
> , Rick Merrill wrote:
>
>> so my firewall.log has
>>
>> 2007-02-25 18:56:41 DROP TCP 169.229.252.77 192.168.0.90 80 1141 1500 A
>> 3198491085 832219613 65535 - - - RECEIVE
>>
>>
>> and
>> whois 169.229.252.77 yields
>
> Rick, you post something without context, and incompletely researched,
> and you expect positive results?
>
>> What is that all about?
>
> Not enough context. 169.229.252.77 is a web/mail/index server at UC
> Bezerkeley - do you have some Cal alums that might be checking their
> mail, seeing if their grades are in or some other reason to be connecting
> to the Physics department there? Ask them.
>
> A poorly explained log snippet is otherwise just a waste of your time.
> As a very wild guess, you've got the firewall set aggressively, and this
> MIGHT be a delayed response (notice the flags, port and sequence numbers).
> But with a complete lack of details and context - who knows.
>
>> Final results obtained from whois.arin.net.
>> Results:
>
> and you're using some shiny crappy toy instead of tools that are found
> on nearly all competently installed *nix boxes, and as usual - the crap
> tool is providing misleading information. "UCSD-NET-169-228" is a parent
> assignment, and not the final (which is UC Berkeley ISTDATA) - though a
> simple host lookup would be even more informative.
>
> Old guy

This is not actually a *nix newsgroup - my sample happens to be from a
Win XP firewall. And the "firewall" provides no context. FYI, I am NOT
running any service/server from this location (behind router w. all
ports closed that can be closed).

I accept that it may be a "waste" of my time, and I thank you for
responding to my curiosity.

I think I see what you mean by a "delayed response" and maybe that is
just that.

Thanks,

Rick

-Told my grandson I was 65 - he says, "Did you start at one?"
;-)

Re: Curiouser

on 02.03.2007 03:26:04 by ibuprofin

On Thu, 01 Mar 2007, in the Usenet newsgroup comp.security.firewalls, in
article <6_qdnaSqe7LNonrYnZ2dnUVZ_sednZ2d@comcast.com>, Rick Merrill wrote:

>This is not actually a *nix newsgroup - my sample happens to be from a
>Win XP firewall. And the "firewall" provides no context.

Do yourself a favor and get a real firewall. If this is a windoze
"firewall" it's almost certainly one of the brain-dead variety. We
see posts where the "firewall" is screaming about attacks, but when
you look at the data, it's a slow response that the firewall assumed
had gone missing and forgot about it.

>FYI, I am NOT running any service/server from this location (behind
>router w. all ports closed that can be closed)

No - it looks more like a client behind your firewall, connecting to
www.physics.berkeley.edu

[compton ~]$ host www.physics.berkeley.edu
www.physics.berkeley.edu is a nickname for physics.berkeley.edu
physics.berkeley.edu has address 169.229.252.77
physics.berkeley.edu mail is handled (pri=5) by physics.berkeley.edu
[compton ~]$

Old guy
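
The reading given in this thread (a dropped inbound segment from port 80 to a high local port with only the ACK flag set is a late reply to an outbound client connection) can be checked mechanically. The following is an added example, not part of any post: it parses records using the field order of the Windows Firewall log `#Fields:` header, and the port thresholds, verdict labels and the two extra sample records are assumptions constructed for illustration.

```python
import ipaddress

# Field order of the Windows Firewall log header (#Fields: line).
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

def parse_line(line):
    """Split one log record into a dict keyed by the header field names."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None  # header, blank or truncated record
    rec = dict(zip(FIELDS, parts))
    for key in ("src-port", "dst-port", "size"):
        rec[key] = int(rec[key]) if rec[key].isdigit() else None
    return rec

def classify(rec):
    """Heuristic triage of a dropped inbound TCP segment (thresholds are assumptions)."""
    if rec is None or rec["action"] != "DROP" or rec["protocol"] != "TCP":
        return "not-applicable"
    if rec["path"] != "RECEIVE":
        return "not-inbound"
    flags = rec["tcpflags"]
    sport, dport = rec["src-port"], rec["dst-port"]
    local = ipaddress.ip_address(rec["dst-ip"]).is_private
    if "S" in flags and "A" not in flags:
        return "unsolicited-connection-attempt"   # bare SYN from outside
    if ("A" in flags and "S" not in flags and local
            and sport is not None and sport < 1024
            and dport is not None and dport >= 1024):
        # Server port -> client ephemeral port, mid-stream flags only.
        return "late-reply-to-outbound-connection"
    return "unclassified"

# Record from the thread (rejoined onto one line) plus two constructed samples.
SAMPLE = [
    "2007-02-25 18:56:41 DROP TCP 169.229.252.77 192.168.0.90 80 1141 1500 A "
    "3198491085 832219613 65535 - - - RECEIVE",
    "2007-02-25 19:02:10 DROP TCP 203.0.113.9 192.168.0.90 4312 445 48 S "
    "1234567890 0 16384 - - - RECEIVE",   # constructed
    "2007-02-25 19:03:00 DROP UDP 203.0.113.9 192.168.0.90 1026 1434 404 "
    "- - - - - - - RECEIVE",              # constructed
]

def triage(lines):
    """Return one verdict per log line."""
    return [classify(parse_line(l)) for l in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, triage(SAMPLE)):
        print(verdict, "<-", line[:60])
```

The verdict is a triage hint only: confirming it still means matching the remote address and local port against what a client on the machine was doing at that time, as suggested in the replies above.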