an external border, where an atlas probe is on the soft gooey inside, logged packets sourced from 10/8? could this have been the atlas probe? randy Sep 29 08:36:44 r0.sea.rg.net 390: Sep 29 08:36:43.966: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53649) -> 23.63.172.166(443), 1 packet Sep 29 08:36:49 r0.sea.rg.net 391: Sep 29 08:36:48.466: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(46959) -> 23.63.205.115(443), 1 packet Sep 29 08:42:32 r0.sea.rg.net 392: Sep 29 08:42:31.363: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53649) -> 23.63.172.166(443), 1 packet Sep 29 11:24:45 r0.sea.rg.net 393: Sep 29 11:24:44.826: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(32986) -> 64.12.235.15(443), 1 packet Sep 29 11:31:35 r0.sea.rg.net 394: Sep 29 11:31:34.644: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53512) -> 143.225.229.137(554), 1 packet Sep 29 11:37:32 r0.sea.rg.net 395: Sep 29 11:37:31.453: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53512) -> 143.225.229.137(554), 8 packets Sep 29 11:43:21 r0.sea.rg.net 396: Sep 29 11:43:20.339: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(59262) -> 38.102.136.104(80), 1 packet Sep 29 11:43:33 r0.sea.rg.net 397: Sep 29 11:43:32.151: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60780) -> 69.171.228.74(443), 1 packet Sep 29 11:45:23 r0.sea.rg.net 398: Sep 29 11:45:22.013: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60761) -> 69.171.228.74(443), 1 packet Sep 29 11:45:26 r0.sea.rg.net 399: Sep 29 11:45:25.017: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60759) -> 69.171.228.74(443), 1 packet Sep 29 11:48:57 r0.sea.rg.net 400: Sep 29 11:48:56.480: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(46352) -> 174.37.29.147(80), 1 packet Sep 29 11:49:32 r0.sea.rg.net 401: Sep 29 11:49:31.465: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60780) -> 69.171.228.74(443), 1 packet Sep 29 11:49:32 r0.sea.rg.net 402: Sep 29 11:49:31.465: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60781) -> 69.171.228.74(443), 2 packets Sep 29 11:50:32 r0.sea.rg.net 403: Sep 29 11:50:31.466: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60761) -> 69.171.228.74(443), 1 packet Sep 29 11:50:32 r0.sea.rg.net 404: Sep 29 11:50:31.466: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60759) -> 69.171.228.74(443), 1 packet Sep 29 11:54:32 r0.sea.rg.net 405: Sep 29 11:54:31.469: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(46352) -> 174.37.29.147(80), 1 packet Sep 29 12:10:05 r0.sea.rg.net 406: Sep 29 12:10:04.260: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60333) -> 193.0.6.139(443), 1 packet Sep 29 12:10:11 r0.sea.rg.net 407: Sep 29 12:10:10.292: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60348) -> 193.0.6.139(443), 1 packet Sep 29 12:10:24 r0.sea.rg.net 408: Sep 29 12:10:22.640: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60363) -> 193.0.6.139(443), 1 packet Sep 29 12:13:30 r0.sea.rg.net 409: Sep 29 12:13:29.535: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(33721) -> 193.0.6.133(443), 1 packet Sep 29 12:14:10 r0.sea.rg.net 410: Sep 29 12:14:09.435: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(37936) -> 178.63.78.16(80), 1 packet Sep 29 12:14:29 r0.sea.rg.net 411: Sep 29 12:14:28.256: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(33754) -> 193.0.6.133(443), 1 packet Sep 29 12:15:32 r0.sea.rg.net 412: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60348) -> 193.0.6.139(443), 2 packets Sep 29 12:15:32 r0.sea.rg.net 413: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60363) -> 193.0.6.139(443), 1 packet Sep 29 12:15:32 r0.sea.rg.net 414: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60364) -> 193.0.6.139(443), 2 packets Sep 29 12:15:32 r0.sea.rg.net 415: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60366) -> 193.0.6.139(443), 2 packets Sep 29 12:19:32 r0.sea.rg.net 416: Sep 29 12:19:31.492: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(37936) -> 178.63.78.16(80), 2 packets Sep 29 12:19:32 r0.sea.rg.net 417: Sep 29 12:19:31.492: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(33754) -> 193.0.6.133(443), 2 packets Sep 29 12:21:00 r0.sea.rg.net 418: Sep 29 12:20:59.386: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39687) -> 206.219.196.114(443), 1 packet Sep 29 12:21:42 r0.sea.rg.net 419: Sep 29 12:21:41.318: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39683) -> 206.219.196.114(443), 1 packet Sep 29 12:23:57 r0.sea.rg.net 420: Sep 29 12:23:56.533: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(56161) -> 88.221.216.66(80), 1 packet Sep 29 12:24:20 r0.sea.rg.net 421: Sep 29 12:24:19.673: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39741) -> 206.219.196.114(443), 1 packet Sep 29 12:26:32 r0.sea.rg.net 422: Sep 29 12:26:31.499: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39687) -> 206.219.196.114(443), 2 packets Sep 29 12:27:32 r0.sea.rg.net 423: Sep 29 12:27:31.500: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39683) -> 206.219.196.114(443), 10 packets Sep 29 12:28:53 r0.sea.rg.net 424: Sep 29 12:28:52.193: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(44361) -> 64.12.104.224(443), 1 packet Sep 29 12:29:32 r0.sea.rg.net 425: Sep 29 12:29:31.502: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(56162) -> 88.221.216.66(80), 7 packets Sep 29 12:29:32 r0.sea.rg.net 426: Sep 29 12:29:31.502: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(56161) -> 88.221.216.66(80), 6 packets
On 10/1/12 16:07 , Randy Bush wrote:
an external border, where an atlas probe is on the soft gooey inside, logged packets sourced from 10/8? could this have been the atlas probe?
It is likely. Maybe you can compare with the list of UDMs on the probe?
On 10/1/12 17:04 , Randy Bush wrote:
an external border, where an atlas probe is on the soft gooey inside, logged packets sourced from 10/8? could this have been the atlas probe? It is likely. Maybe you can compare with the list of UDMs on the probe? uh, how can i tell source address of the udms?
For UDMs you can't. But if you go to the log download and then download the logs for measurement '1' (Traceroute first hop) it should be there. The weird thing is that the TCP connection to '23.63.172.166(443)' is as far as I know not a static measurement and it does not appear in the list of UDMs either.
I don't think is an atlas probe. 193.0.6.133 points to access.ripe.net which we use to connect to RIPE NCC SSO accounts. So my guess is that it's someone that's using browser most probably... Regards, Andreas On Oct 1, 2012, at 4:07 PM, Randy Bush <randy@psg.com> wrote:
an external border, where an atlas probe is on the soft gooey inside, logged packets sourced from 10/8? could this have been the atlas probe?
randy
Sep 29 08:36:44 r0.sea.rg.net 390: Sep 29 08:36:43.966: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53649) -> 23.63.172.166(443), 1 packet Sep 29 08:36:49 r0.sea.rg.net 391: Sep 29 08:36:48.466: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(46959) -> 23.63.205.115(443), 1 packet Sep 29 08:42:32 r0.sea.rg.net 392: Sep 29 08:42:31.363: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53649) -> 23.63.172.166(443), 1 packet Sep 29 11:24:45 r0.sea.rg.net 393: Sep 29 11:24:44.826: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(32986) -> 64.12.235.15(443), 1 packet Sep 29 11:31:35 r0.sea.rg.net 394: Sep 29 11:31:34.644: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53512) -> 143.225.229.137(554), 1 packet Sep 29 11:37:32 r0.sea.rg.net 395: Sep 29 11:37:31.453: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(53512) -> 143.225.229.137(554), 8 packets Sep 29 11:43:21 r0.sea.rg.net 396: Sep 29 11:43:20.339: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(59262) -> 38.102.136.104(80), 1 packet Sep 29 11:43:33 r0.sea.rg.net 397: Sep 29 11:43:32.151: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60780) -> 69.171.228.74(443), 1 packet Sep 29 11:45:23 r0.sea.rg.net 398: Sep 29 11:45:22.013: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60761) -> 69.171.228.74(443), 1 packet Sep 29 11:45:26 r0.sea.rg.net 399: Sep 29 11:45:25.017: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60759) -> 69.171.228.74(443), 1 packet Sep 29 11:48:57 r0.sea.rg.net 400: Sep 29 11:48:56.480: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(46352) -> 174.37.29.147(80), 1 packet Sep 29 11:49:32 r0.sea.rg.net 401: Sep 29 11:49:31.465: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60780) -> 69.171.228.74(443), 1 packet Sep 29 11:49:32 r0.sea.rg.net 402: Sep 29 11:49:31.465: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60781) -> 69.171.228.74(443), 2 packets Sep 29 11:50:32 r0.sea.rg.net 403: Sep 29 11:50:31.466: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60761) -> 69.171.228.74(443), 1 packet Sep 29 11:50:32 r0.sea.rg.net 404: Sep 29 11:50:31.466: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60759) -> 69.171.228.74(443), 1 packet Sep 29 11:54:32 r0.sea.rg.net 405: Sep 29 11:54:31.469: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(46352) -> 174.37.29.147(80), 1 packet Sep 29 12:10:05 r0.sea.rg.net 406: Sep 29 12:10:04.260: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60333) -> 193.0.6.139(443), 1 packet Sep 29 12:10:11 r0.sea.rg.net 407: Sep 29 12:10:10.292: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60348) -> 193.0.6.139(443), 1 packet Sep 29 12:10:24 r0.sea.rg.net 408: Sep 29 12:10:22.640: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60363) -> 193.0.6.139(443), 1 packet Sep 29 12:13:30 r0.sea.rg.net 409: Sep 29 12:13:29.535: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(33721) -> 193.0.6.133(443), 1 packet Sep 29 12:14:10 r0.sea.rg.net 410: Sep 29 12:14:09.435: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(37936) -> 178.63.78.16(80), 1 packet Sep 29 12:14:29 r0.sea.rg.net 411: Sep 29 12:14:28.256: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(33754) -> 193.0.6.133(443), 1 packet Sep 29 12:15:32 r0.sea.rg.net 412: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60348) -> 193.0.6.139(443), 2 packets Sep 29 12:15:32 r0.sea.rg.net 413: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60363) -> 193.0.6.139(443), 1 packet Sep 29 12:15:32 r0.sea.rg.net 414: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60364) -> 193.0.6.139(443), 2 packets Sep 29 12:15:32 r0.sea.rg.net 415: Sep 29 12:15:31.489: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(60366) -> 193.0.6.139(443), 2 packets Sep 29 12:19:32 r0.sea.rg.net 416: Sep 29 12:19:31.492: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(37936) -> 178.63.78.16(80), 2 packets Sep 29 12:19:32 r0.sea.rg.net 417: Sep 29 12:19:31.492: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(33754) -> 193.0.6.133(443), 2 packets Sep 29 12:21:00 r0.sea.rg.net 418: Sep 29 12:20:59.386: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39687) -> 206.219.196.114(443), 1 packet Sep 29 12:21:42 r0.sea.rg.net 419: Sep 29 12:21:41.318: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39683) -> 206.219.196.114(443), 1 packet Sep 29 12:23:57 r0.sea.rg.net 420: Sep 29 12:23:56.533: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(56161) -> 88.221.216.66(80), 1 packet Sep 29 12:24:20 r0.sea.rg.net 421: Sep 29 12:24:19.673: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39741) -> 206.219.196.114(443), 1 packet Sep 29 12:26:32 r0.sea.rg.net 422: Sep 29 12:26:31.499: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39687) -> 206.219.196.114(443), 2 packets Sep 29 12:27:32 r0.sea.rg.net 423: Sep 29 12:27:31.500: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(39683) -> 206.219.196.114(443), 10 packets Sep 29 12:28:53 r0.sea.rg.net 424: Sep 29 12:28:52.193: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(44361) -> 64.12.104.224(443), 1 packet Sep 29 12:29:32 r0.sea.rg.net 425: Sep 29 12:29:31.502: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(56162) -> 88.221.216.66(80), 7 packets Sep 29 12:29:32 r0.sea.rg.net 426: Sep 29 12:29:31.502: %SEC-6-IPACCESSLOGP: list serial-out4 denied tcp 10.13.0.6(56161) -> 88.221.216.66(80), 6 packets
participants (3)
-
Andreas Strikos -
Philip Homburg -
Randy Bush