
Re: [cobalt-users] [RaQ3] Kernel IP routing table HACKED?



on 7/27/01 4:37 PM, Curtis Ross at Curtis_Ross@xxxxxx wrote:

>> I did, and they said 169.254.183.37 has nothing to do with their network.
>> So what can I do to find the script which loads this ip address during
>> bootup?

> traceroute to cpr.ca

Ok, so here is the output:

[root@www admin]# /usr/sbin/traceroute cpr.ca
traceroute to cpr.ca (209.115.235.33), 30 hops max, 38 byte packets
 1  207.100.34.1 (207.100.34.1)  1.206 ms  1.024 ms  1.110 ms
 2  207.22.135.1 (207.22.135.1)  1.751 ms  20.751 ms  24.250 ms
 3  204.91.127.17 (204.91.127.17)  2.397 ms  1.488 ms  2.074 ms
 4  rdu2-core4-pos6-0.atlas.icix.net (165.117.56.2)  1.674 ms  1.136 ms  1.813 ms
 5  atl1-core5-pos4-3.atlas.icix.net (165.117.51.141)  12.363 ms  17.786 ms  13.374 ms
 6  atl1-core2-pos6-0.atlas.icix.net (165.117.48.137)  12.829 ms  12.823 ms  19.242 ms
 7  165.117.68.190 (165.117.68.190)  13.823 ms  13.834 ms  13.855 ms
 8  146.at-6-0-0.XR1.ATL5.ALTER.NET (152.63.80.118)  14.242 ms  14.263 ms  14.378 ms
 9  0.so-1-0-0.XL1.ATL5.ALTER.NET (152.63.85.189)  14.963 ms  15.030 ms  14.458ms
10  0.so-1-0-0.TL1.ATL5.ALTER.NET (152.63.85.217)  15.450 ms  15.320 ms  19.305ms
11  0.so-7-0-0.TL1.CAL1.Alter.Net (152.63.0.33)  86.834 ms  86.911 ms  89.941 ms
12  297.at-1-0-0.XR1.CAL1.ALTER.NET (152.63.136.73)  87.285 ms  86.831 ms  86.910 ms
13  193.ATM7-0.GW3.CAL1.ALTER.NET (152.63.137.153)  86.915 ms  87.121 ms  86.975 ms
14  telus-gw.customer.alter.net (157.130.110.162)  112.230 ms  102.854 ms *
15  208.38.16.130 (208.38.16.130)  103.175 ms  119.697 ms  102.744 ms
16  clgrab01-cprl01.ab.tac.net (209.115.222.67)  112.785 ms  106.170 ms  104.943 ms
17  * * *

Umm, what does all this mean? And how does the possibly hacked IP
169.254.183.37 have to be in the route table? How can I locate the script
which executes 169.254.183.37 so I can turn it off?

enrique