[ale] Strange activity on net

Scott Castaline hscast at charter.net
Wed Sep 3 17:30:49 EDT 2008 

I've suddenly noticed a very high level of activity on my broadband 
connection. When I view the logs on my router one IP sticks out, 
24.64.254.20. nslookup gives: Non-authoritative answer:
20.254.64.24.in-addr.arpa	name = S010600161726dd6b.cg.shawcable.net.

Authoritative answers can be found from:
254.64.24.in-addr.arpa	nameserver = ns1.so.cg.shawcable.net.
254.64.24.in-addr.arpa	nameserver = ns2.so.cg.shawcable.net.

And tracert gives:

> [root at ncc1701f ~]# tracert 24.64.254.20
> traceroute to 24.64.254.20 (24.64.254.20), 30 hops max, 40 byte packets
>  1  192.168.11.1 (192.168.11.1)  0.469 ms  0.601 ms  0.755 ms
>  2  10.226.128.1 (10.226.128.1)  9.591 ms  9.616 ms  9.771 ms
>  3  172.26.102.197 (172.26.102.197)  9.766 ms  9.906 ms  10.024 ms
>  4  24-197-160-34.static.gwnt.ga.charter.com (24.197.160.34)  10.808 ms  10.810 ms  11.011 ms
>  5  so-7-0-0.edge2.Atlanta2.Level3.net (4.78.63.9)  16.032 ms  16.030 ms  16.152 ms
>  6  ae-72-52.ebr2.Atlanta2.Level3.net (4.68.103.61)  20.014 ms ae-73-52.ebr3.Atlanta2.Level3.net (4.68.103.62)  12.676 ms ae-72-52.ebr2.Atlanta2.Level3.net (4.68.103.61)  15.941 ms
>  7  ae-72-70.ebr2.Atlanta2.Level3.net (4.69.138.19)  16.202 ms  22.283 ms ae-3.ebr2.Chicago1.Level3.net (4.69.132.73)  38.718 ms
>  8  ae-3.ebr2.Chicago1.Level3.net (4.69.132.73)  38.730 ms ae-21-56.car1.Chicago1.Level3.net (4.68.101.162)  29.987 ms  29.489 ms
>  9  ae-21-56.car1.Chicago1.Level3.net (4.68.101.162)  29.883 ms  39.977 ms  39.858 ms
> 10  BIG-PIPE-IN.car1.Chicago1.Level3.net (4.79.208.150)  40.018 ms rc1nr-pos0-7-0-0.wp.shawcable.net (66.163.76.173)  119.556 ms BIG-PIPE-IN.car1.Chicago1.Level3.net (4.79.208.150)  32.356 ms
> 11  rc2nr-pos14-0.wp.shawcable.net (66.163.76.173)  119.644 ms rc1so-pos14-0-0.cg.shawcable.net (66.163.77.157)  87.529 ms rc1nr-pos0-7-0-0.wp.shawcable.net (66.163.76.173)  81.661 ms
> 12  rc1so-pos14-0-0.cg.shawcable.net (66.163.77.157)  102.119 ms  86.584 ms  90.816 ms
> 13  rd1so-ge2-0-0.cg.shawcable.net (66.163.71.78)  90.886 ms  91.067 ms dx1ok-g1.cg.shawcable.net (64.59.140.249)  92.241 ms
> 14  dx1ok-g1.cg.shawcable.net (64.59.140.249)  97.235 ms  92.374 ms *
> 15  * * *
> 16  * * *
> 17  * * *
> 18  * * *
> 19  * * *
> 20  * * *
> 21  * * *
> 22  * * *
> 23  * * *
> 24  * * *
> 25  * * *
> 26  * * *
> 27  * * *
> 28  * * *
> 29  * * *
> 30  * * *

I do not have anything going on other than ntpd and I do remain logged 
into my iGoogle account as well as weather.com/gold and I was logged 
into Fedora Forums. Nothing else. Why would I be receiving traffic from 
Shaw Cable in (if memory serves me ) Toronto Canada? It seems mostly UDP 
packets. Is there anything else that I can use to see what's really 
going on?

More information about the Ale mailing list