The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Wednesday, October 25, 2000

The first day on the night shift and I walk into a fire storm. The entire network is doing the yo-yo fadango.

Nice.


The only job more potentially boring than the one I have is the security guard that sits in the same office as I do, watching the camera monitors.

I mean, it's somewhat interesting to watch the monitors from time to time, but for hours on end? Without a computer?


I'm under a wierd network attack. I'm seeing the following:

S:00C07B4D7D81 D:00806981001F  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00806981001F D:00C07B4D7D81  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00C07B4D7D81 D:00806981001F  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00806981001F D:00C07B4D7D81  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00C07B4D7D81 D:00806981001F  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00806981001F D:00C07B4D7D81  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00C07B4D7D81 D:00806981001F  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00806981001F D:00C07B4D7D81  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00C07B4D7D81 D:00806981001F  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038
S:00806981001F D:00C07B4D7D81  IPv4        S:163.153.172.6   D:208.26.72.31     ICMP    echo request	1038

Ad nasuem. 00:C0:7B:4D:7D:81 is the ISDN unit, and 00:80:69:81:00:1F is the terminal server I have, which Mark used to dial into, until he got IDSL. I turned the terminal server off, and I'm still seeing echo requests from 163.153.172.6 coming in, every three seconds or so. There's nothing in the packets (just zeros) which is odd. I can't traceroute to 163.153.172.6 so it's probably forged source packets.

The destination IP address is interesting—it was Mark's broadcast address, which leads me to think this is a so called smurf attack.

Obligatory Picture

[It's a study in contrasts—digital camera contrasts]

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: http://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

http://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2018 by Sean Conner. All Rights Reserved.