trace route

Within my router I have blocked trace route. This has highlighted that throughout the day I frequently get a mail alert such as this where the source IP is not the same each time:

2024/11/21 09:04:51 -- [DOS][Block][trace_route][152.70.75.102->00.00.00.00][ICMP][HLen=20, TLen=34, Type=8, Code=0]

I have changed my IP to 00.00.00.00 in the alert message.

What exactly is hoped to be gained by the sender by probing my internet connection?

Access.

In old money, this is like a toe-rag going along trying the doors of parked cars … once you’re in, then just take what’s easy.

In reply to a post by Zarjaz:

Access.

In old money, this is like a toe-rag going along trying the doors of parked cars … once you’re in, then just take what’s easy.

Then there is a bloody army of toe-rags out there then! Around 40 separate IPs seeing if I have locked my car today!

Then there is a bloody army of toe-rags out there then!

Always a reasonable assumption in my book.

It's all completely automated and distributed around compromised hosts. You have nothing to gain by receiving an alert whenever your external IP is on the end of a ping or traceroute.

Switch the alert off. This is background noise.

Basic test to see if there's something there which will be followed by a port scan to try and find a vulnerable service running to exploit.

In reply to a post by XGS_Is_On:

Switch the alert off. This is background noise.
Basic test to see if there's something there which will be followed by a port scan to try and find a vulnerable service running to exploit.

Pretty much that. You can't realistically do anything to stop it.