Harsh J

Memoirs of a QWERTY Keyboard

Archive for the ‘Router’ tag

FreeNode and its policies.

3 comments

For the last few days I’d been observing unusual blinkenlights on my router even when the connection was supposed to be idle. Trying to fix overheating issues and a loosely mounted graphic card that was causing havoc in my game sessions, I did not decide to investigate early.

Today, a little peek into the system logs gave me these odd looking lines:

[  245.194635] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=56199 DF PROTO=TCP SPT=57538 DPT=17771 WINDOW=5840 RES=0x00 SYN URGP=0
[  248.186412] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42755 DF PROTO=TCP SPT=38368 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
[  248.193452] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=42451 DF PROTO=TCP SPT=45035 DPT=18844 WINDOW=5840 RES=0x00 SYN URGP=0
[  248.193505] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=42230 DF PROTO=TCP SPT=53061 DPT=28882 WINDOW=5840 RES=0x00 SYN URGP=0
[  254.188289] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42756 DF PROTO=TCP SPT=38368 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
[  254.189632] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=51624 DF PROTO=TCP SPT=60700 DPT=33322 WINDOW=5840 RES=0x00 SYN URGP=0

A quick google later, I realized these were messages sent by 85.190.0.3 to me looking at random ports like 33322, 80 (HTTP), 28882, 18844, etc. A little more research over the IP led to this page: http://proxyscan.freenode.net/.

I was confused for quite a while. I don’t run or use a proxy or an IIS server, as their policy page states. Why would they continuously poke around when nothing’s found? I can’t give up on FreeNode, but I certainly do not like this continuous checking. Do all FreeNode users face this? It never used to happen before.

That said, a little more info into the message follows:

[  254.189632] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=51624 DF PROTO=TCP SPT=60700 DPT=33322 WINDOW=5840 RES=0x00 SYN URGP=0

Drilldown:

  • Inbound – Incoming data
  • IN=eth0 – Data incoming via eth0
  • OUT= – No outgoing interface
  • MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 – Breaks down to “00:Destination MAC”:“00:Source MAC”:“Payload-Type:00” (IP)
  • SRC=85.190.0.3 – Source address
  • DST=192.168.1.2 – Destination address
  • LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=51624 – Length, Type Of Service, Precedence(?), Time To Live, ID(?)
  • DF PROTO=TCP SPT=60700 DPT=33322 WINDOW=5840 RES=0x00 SYN URGP=0 – Don’t Fragment, Protocol, Source Port, Destination Port, Receiving Window Size, Reset(?), Sync packet (trying to connect), Non-Urgent Data.

The doubtful ones are indicated with a (?). It was fun analysing this, and I think the solution is to block all incoming ports? Or perhaps, blocking the IP?
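The drilldown above as a parser, plus the check these log lines invite: which sources send bare SYNs to several distinct ports. This is an added example, not code from the original post; the function names, the three-port threshold and the one constructed log line are assumptions.

```python
from collections import defaultdict

# Log lines copied from the post (netfilter LOG output with the prefix "Inbound").
POST_LINES = """\
[  245.194635] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=56199 DF PROTO=TCP SPT=57538 DPT=17771 WINDOW=5840 RES=0x00 SYN URGP=0
[  248.186412] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42755 DF PROTO=TCP SPT=38368 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
[  248.193452] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=42451 DF PROTO=TCP SPT=45035 DPT=18844 WINDOW=5840 RES=0x00 SYN URGP=0
[  248.193505] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=42230 DF PROTO=TCP SPT=53061 DPT=28882 WINDOW=5840 RES=0x00 SYN URGP=0
[  254.188289] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42756 DF PROTO=TCP SPT=38368 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
[  254.189632] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=85.190.0.3 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=51624 DF PROTO=TCP SPT=60700 DPT=33322 WINDOW=5840 RES=0x00 SYN URGP=0
""".splitlines()
# Constructed line: one connection attempt from a documentation address (192.0.2.10).
CONSTRUCTED_LINE = "[  260.000000] Inbound IN=eth0 OUT= MAC=00:F8:a1:68:d7:63:00:0f:a3:52:11:33:08:00 SRC=192.0.2.10 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0"

# Bare tokens the LOG target prints for IP fragment bits and TCP flags.
KNOWN_FLAGS = {"CE", "DF", "MF", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Split one log line into KEY=value fields and bare flag tokens."""
    fields, flags = {}, set()
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val          # OUT= yields an empty string
        elif tok in KNOWN_FLAGS:
            flags.add(tok)             # timestamp and log prefix are ignored
    # ID is the IP identification field, PREC the precedence bits of TOS,
    # RES the reserved bits of the TCP header.
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:                 # Ethernet header: 6 dst + 6 src + 2 EtherType
        fields["MAC_DST"] = ":".join(mac[:6])
        fields["MAC_SRC"] = ":".join(mac[6:12])
        fields["ETHERTYPE"] = "".join(mac[12:])   # 0800 = IPv4
    return fields, flags


def scan_suspects(lines, min_ports=3):
    """Return {source: sorted ports} for sources probing >= min_ports ports."""
    ports = defaultdict(set)
    for line in lines:
        fields, flags = parse_line(line)
        # SYN without ACK is a new connection attempt, not a reply.
        if fields.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags:
            ports[fields["SRC"]].add(int(fields["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, hit in scan_suspects(POST_LINES + [CONSTRUCTED_LINE]).items():
        print(src, "probed ports", hit)
```

The two DPT=80 lines share SPT=38368 and differ only in ID and timestamp, so they count as one probed port (a SYN retransmission), which is why the set holds five ports rather than six.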

Written by Harsh

March 9th, 2009 at 2:16 pm

Click the second dot in this {..}

6 comments

Life has not been so low as right now. No this isn’t some depression stuff. And I mean right _now_ as in right now. 28th Nov, near 2 AM in the morning.

I love the rains, yes I do. I don’t mind the water-logged roads either, I like walking in it. No matter how gloomy the weather, the falling droplets always make me cheerful. But no, this won’t last, not yet in my country. Just as I try to get some work done, my electricity starts to fluctuate, the EB would blame the rains if I blame them. Poof goes my router’s blinkenlights, and I have to reconnect and wonder if what was going on can be got back.

Not to mention what am trying to do seems so-much impossible on the thing am doing the what upon but the same what is, in fact, possible and that having been rubbed into your face by some powers that be, makes you literally go tearing your hair and screaming what the …

Weather on focus, my city’s been receiving lots of cyclone-induced rainfall. I’m thinking it rained enough to last a quarter of the oncoming summer period, if not half. Walked loads in the water today, some places almost up to thigh-deep water.

A little something on movies – Punisher – War Zone’s coming with Jigsaw in it (Dec 5), and these marketers are getting clever, releasing the original old Punisher with Jane and Travolta in it just a week before. Saw Quantum of Solace and it isn’t good, all action and deaths, or at least most of it. Also saw The Dark Knight so many times that I started to like Batman Begins more.

Installed a new code-highlight plugin (The same awesome one as on WordPress.com blogs). Here’s a sample:

# In Python
def somedecorator(func):
    # Pass-through decorator so the sample runs as written
    return func

class Foo(object):
    def __init__(self):
        pass

    @somedecorator
    def abc(ghi):
        print("Spam and eggs")

More later as I get back to owning the lizard – the mighty, unconquerable openSuSE 11.0.

Just-for-record: 9 router disconnects in this post-typing period. Great voltage!

Written by Harsh

November 28th, 2008 at 2:50 am

Posted in Personal
