Mystery packets from ISP

Michelle Rempel mrempel at gppl.ab.ca
Fri Mar 22 13:03:45 EST 2002


I'm hoping that someone will have the answer to this question as this list 
seemed the best place to post since it is Web related.  Is there another 
list that is for network security in libraries?

A little over a year ago we broke off from a larger network and got our own 
firewall and Internet connection.  Right from the beginning, I noticed that 
the firewall logs showed many packets from the same few IP addresses.  The 
requests are anywhere from a minute to 5 minutes apart and according to the 
logs are coming in at all times of the day and night.  Here are some examples:

03/08/2002 01:28:13.080 - ICMP packet dropped - Source:205.233.111.218, 3, WAN - Destination:142.59.254.41, 3, LAN - 'Dest Unreachable' - Rule 0
03/08/2002 01:33:46.112 - ICMP packet dropped - Source:205.233.111.218, 3, WAN - Destination:142.59.254.41, 3, LAN - 'Dest Unreachable' - Rule 0
03/08/2002 01:35:52.000 - ICMP packet dropped - Source:205.233.111.221, 3, WAN - Destination:142.59.254.41, 3, LAN - 'Dest Unreachable' - Rule 0

I did a whois search and found that the IPs were our ISP.  When I got in 
touch with them the only information that they could give me was that their 
servers were responding to a request from somewhere in our network.  The 
request is on port 3, which according to IANA is compressnet.

The information I found on compressnet is: "CompressNET enables 
organizations running TCP/IP over X.25 and other wide-area networks to 
successfully address several critical business issues, including WAN 
traffic congestion and skyrocketing carriers."  The operating system 
specified is Solaris.  We are Win NT server with Win 95, 98, NT and 2000 boxes.

I'd like to get rid of this traffic if it is unnecessary.  Either I've 
missed something locally or I need to provide some specific information to 
the ISP to fix this on their end.  Does anyone have any ideas?

Thanks!

Michelle Rempel
Grande Prairie Public Library
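
An added example, not part of the original post: it parses the quoted log entries (rejoined one per line as constructed sample input) and reports, per source and LAN destination, how many packets were dropped and the gaps between them. It assumes MM/DD/YYYY timestamps and that the number after each address on an ICMP entry is the ICMP type (type 3 is Destination Unreachable in RFC 792) rather than a port; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three entries quoted in the post, one per line.
SAMPLE_LOG = """\
03/08/2002 01:28:13.080 - ICMP packet dropped - Source:205.233.111.218, 3, WAN - Destination:142.59.254.41, 3, LAN - 'Dest Unreachable' - Rule 0
03/08/2002 01:33:46.112 - ICMP packet dropped - Source:205.233.111.218, 3, WAN - Destination:142.59.254.41, 3, LAN - 'Dest Unreachable' - Rule 0
03/08/2002 01:35:52.000 - ICMP packet dropped - Source:205.233.111.221, 3, WAN - Destination:142.59.254.41, 3, LAN - 'Dest Unreachable' - Rule 0
"""

# Subset of the ICMP message types defined in RFC 792.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded"}

LINE_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - (?P<proto>\w+) packet dropped"
    r" - Source:(?P<src>[\d.]+), (?P<src_num>\d+), (?P<src_if>\w+)"
    r" - Destination:(?P<dst>[\d.]+), (?P<dst_num>\d+), (?P<dst_if>\w+)"
    r" - '(?P<note>[^']*)' - Rule (?P<rule>\d+)"
)

def parse_line(line):
    """Return a dict for one log entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Assumption: timestamps are MM/DD/YYYY.
    entry["ts"] = datetime.strptime(entry["ts"], "%m/%d/%Y %H:%M:%S.%f")
    entry["src_num"] = int(entry["src_num"])
    # Assumption: on ICMP entries the numeric field is the ICMP type, not a port.
    entry["icmp_type"] = ICMP_TYPES.get(entry["src_num"]) if entry["proto"] == "ICMP" else None
    return entry

def summarize(log_text):
    """Group entries by (source, destination, protocol, number); report count and gaps."""
    stamps = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            key = (entry["src"], entry["dst"], entry["proto"], entry["src_num"])
            stamps[key].append(entry["ts"])
    summary = {}
    for key, times in stamps.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[key] = {"count": len(times), "gaps_s": gaps}
    return summary
```

Run over a full day's log, the summary shows which LAN address the unreachable messages are addressed to and how regular the interval is.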



