For the past 2 months since I upgrade to a Bussiness class network router, I have been logging attacks from a PUBLIC IP 10.180.16.1 on the WAN port. I did not look closely at the other routers log, so I have no idea how long this has been going on. It is pingable, over 30 hops some times. I sent the logs to Netgear and they said it was a hacker (or someone) tring to hide it's tracks. Doing pretty good so far. I have sent the logs to Comcast Abuse, (3-4 times now) but Comcast has refused to see it as a abuse , Infact they havn't a clue on what is happening. They think it's from my network, which has a 192.168.xxx.xxx ip. NOT MINE it's on the WAN port, Which is COMCAST. Have any one else experience this. The last one said to use www.arin.net to look it up. WAKEUP IT A PUBLIC IP ADDRESS.
I have reloaded all of my pc's with in the last month. I set the router to log and block any outbound activity to 10.180.16.1, No takers, no outbound.
I know Ports 67 & 68 are used for :
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
The odd thing about it is Netgear's tech support was able to do a ping and trace from India.
Here is a portion of the log, this comes through every 3-5 minutes 24/7.
Mon Jul 10 12:02:01 2006 time="2006-07-10 12:01:00" proto=17- udp packet - Source:=10.180.16.1 - Destination:=255.255.255.255 - [Destination address broadcast Src 67 Dst 68 from WAN ]
The trace shows this:
10 36 ms 36 ms 44 ms tbr2-p012301.cgcil.ip.att.net [12.123.6.13]
11 36 ms 32 ms 37 ms tbr2-cl7.sl9mo.ip.att.net [12.122.10.46]
12 33 ms 35 ms 36 ms tbr1-cl24.sl9mo.ip.att.net [12.122.9.141]
13 35 ms 35 ms 37 ms tbr2-cl6.dlstx.ip.att.net [12.122.10.90]
14 35 ms 42 ms 37 ms br2-a3120s9.dlstx.ip.att.net [12.123.16.213]
15 38 ms * 34 ms 12.116.2.6
16 35 ms 33 ms 33 ms 10g-9-1-rr01.plano.tx.dallas.comcast.net [68.87.207.82]
17 35 ms 34 ms 32 ms 10.180.16.1
The ODD thing is that Netgear's tech support in India was able to ping and trace this IP. He said it wasn't consistant. Sometimes yes sometimes no. At first they though it was a joke, till they tried it.
My Question is:
How many www users can ping this Public IP and weather or not you are a comcast user.
I think someone hooked up a pc to the wrong port and it is searching for a DHCP server that is not responding.
I have reloaded all of my pc's with in the last month. I set the router to log and block any outbound activity to 10.180.16.1, No takers, no outbound.
I know Ports 67 & 68 are used for :
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
The odd thing about it is Netgear's tech support was able to do a ping and trace from India.
Here is a portion of the log, this comes through every 3-5 minutes 24/7.
Mon Jul 10 12:02:01 2006 time="2006-07-10 12:01:00" proto=17- udp packet - Source:=10.180.16.1 - Destination:=255.255.255.255 - [Destination address broadcast Src 67 Dst 68 from WAN ]
The trace shows this:
10 36 ms 36 ms 44 ms tbr2-p012301.cgcil.ip.att.net [12.123.6.13]
11 36 ms 32 ms 37 ms tbr2-cl7.sl9mo.ip.att.net [12.122.10.46]
12 33 ms 35 ms 36 ms tbr1-cl24.sl9mo.ip.att.net [12.122.9.141]
13 35 ms 35 ms 37 ms tbr2-cl6.dlstx.ip.att.net [12.122.10.90]
14 35 ms 42 ms 37 ms br2-a3120s9.dlstx.ip.att.net [12.123.16.213]
15 38 ms * 34 ms 12.116.2.6
16 35 ms 33 ms 33 ms 10g-9-1-rr01.plano.tx.dallas.comcast.net [68.87.207.82]
17 35 ms 34 ms 32 ms 10.180.16.1
The ODD thing is that Netgear's tech support in India was able to ping and trace this IP. He said it wasn't consistant. Sometimes yes sometimes no. At first they though it was a joke, till they tried it.
My Question is:
How many www users can ping this Public IP and weather or not you are a comcast user.
I think someone hooked up a pc to the wrong port and it is searching for a DHCP server that is not responding.