North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Increase in tcp traffic from spoofed source to bogon?

  • From: Mike Tancsa
  • Date: Thu Sep 25 17:43:35 2003


Is it all to 135 ? I drop lots of that at my border. Each time I traced it back to the customer, it was some infected machine that was not being natted for various reasons.

e.g.

Deny TCP 172.16.4.1:4616 192.100.103.4:135

We also see the odd ntp request. Is it bogon as in RFC 1918 or bogon as in not yet allocated / routed ?

---Mike

At 05:26 PM 25/09/2003, Mark Segal wrote:

While cleaning the narchi virus icmp traffic.. I noticed a lot of tcp
traffic (it seems to be increasing) from spoofed address to bogon space?
Any ideas on what virus or worm this is?  Is it new?

Regards,
Mark

--
Mark Segal
Director, Network Planning
FCI Broadband
Tel: 905-284-4070
Fax: 416-987-4701
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband