North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Increase in tcp traffic from spoofed source to bogon?
Is it all to 135 ? I drop lots of that at my border. Each time I traced it back to the customer, it was some infected machine that was not being natted for various reasons. e.g. Deny TCP 172.16.4.1:4616 192.100.103.4:135 We also see the odd ntp request. Is it bogon as in RFC 1918 or bogon as in not yet allocated / routed ? ---Mike At 05:26 PM 25/09/2003, Mark Segal wrote: While cleaning the narchi virus icmp traffic.. I noticed a lot of tcp traffic (it seems to be increasing) from spoofed address to bogon space? Any ideas on what virus or worm this is? Is it new? Regards, Mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband
|