Network Security Incidents

Re: DOD Inside

Subject: Re: DOD Inside
Date: 8 Apr 2006 02:18:40 -0000

I'm very new to this so please be gentle!

Having read about the DoD IP issues in here, I thought I might add my £0.02:

My router logs from the 28-03-2006 show a very strange sequence of port 
attempts.

Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 21:56:20 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1034 - [DOS]
Tue, 2006-03-28 21:56:20 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 23:28:43 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 23:28:43 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1027 - [DOS]
Wed, 2006-03-29 09:58:11 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1035 - [DOS]
Wed, 2006-03-29 11:30:32 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,139 - [DOS]
Wed, 2006-03-29 11:30:32 - UDP Packet - Source:7.12.12.16,13364 
Destination:xx.xx.xx.xx,1031 - [DOS]

Having checked out the source IP address I got:

OrgName:    DoD Network Information Center 
OrgID:      DNIC
Address:    3990 E. Broad Street
City:       Columbus
StateProv:  OH
PostalCode: 43218
Country:    US

NetRange:   7.0.0.0 - 7.255.255.255 
CIDR:       7.0.0.0/8 
NetName:    DISANET7
NetHandle:  NET-7-0-0-0-1
Parent:     
NetType:    Direct Allocation
Comment:    Defense Information Systems Agency
Comment:    DISA /D3
Comment:    11440 Isaac Newton Square
Comment:    Reston, VA 22090-5087 US
RegDate:    1997-11-24
Updated:    1998-09-26

Obviously this is not correct, but strange that the source IP should be 
masquerading as a DoD IP.
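
An added example, not part of the original post: a Python parser for the router log format quoted in the message, which rejoins the wrapped entries and summarises each source address by destination ports, source ports and distinct arrival times. The function names are hypothetical, and the sample is three entries copied from the post. UDP has no handshake, so the logged source address is whatever the sender wrote into the packet; the whois match identifies the address block, not the sender.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Three entries copied from the post, wrapped across two lines as they appear there.
SAMPLE = """\
Tue, 2006-03-28 23:28:43 - UDP Packet - Source:7.12.12.16,13364
Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 23:28:43 - UDP Packet - Source:7.12.12.16,13364
Destination:xx.xx.xx.xx,1027 - [DOS]
Wed, 2006-03-29 11:30:32 - UDP Packet - Source:7.12.12.16,13364
Destination:xx.xx.xx.xx,139 - [DOS]
"""
ENTRY = re.compile(
    r"^\w{3}, (?P<ts>[\d-]+ [\d:]+) - (?P<proto>\w+) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[\w.]+),(?P<dport>\d+) - \[(?P<tag>\w+)\]$")
STARTS_ENTRY = re.compile(r"^\w{3}, \d{4}-\d{2}-\d{2} ")
WHOIS_RANGE = ipaddress.ip_network("7.0.0.0/8")  # CIDR from the whois in the post

def unwrap(text):
    """Rejoin entries that mail wrapping split across two lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if STARTS_ENTRY.match(line):
            entries.append(line)
        elif entries and line:
            entries[-1] += " " + line
    return entries

def parse(text):
    """Return one dict per packet entry; lines that do not match are skipped."""
    events = []
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append({**m.groupdict(), "ts": ts})
    return events

def summarise(events):
    """Per source: packet count, ports seen, distinct arrival times, whois match."""
    out = defaultdict(lambda: {"packets": 0, "dports": set(), "sports": set(), "bursts": set()})
    for e in events:
        s = out[e["src"]]
        s["packets"] += 1
        s["dports"].add(int(e["dport"]))
        s["sports"].add(int(e["sport"]))
        s["bursts"].add(e["ts"])  # entries sharing a timestamp arrived together
        s["in_whois_range"] = ipaddress.ip_address(e["src"]) in WHOIS_RANGE
    return dict(out)
```

Calling `summarise(parse(SAMPLE))` on the sample gives one source with three packets in two bursts, a single source port, and three destination ports.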
