North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Increase in tcp traffic from spoofed source to bogon?
On Thu, 25 Sep 2003, Mike Tancsa wrote: > Is it all to 135 ? I drop lots of that at my border. Each time I traced > it back to the customer, it was some infected machine that was not being > natted for various reasons. > > e.g. > > Deny TCP 172.16.4.1:4616 192.100.103.4:135 > > We also see the odd ntp request. Is it bogon as in RFC 1918 or bogon as in > not yet allocated / routed ? We are seeing some amount of traffic to the SMTP port of 127.0.0.2 (!!!). I haven't bothered to check this out at the moment. One would suppose the routers would blackhole the loopback traffic (or have a route to 127.0.0.1), but no... :-) > At 05:26 PM 25/09/2003, Mark Segal wrote: > > >While cleaning the narchi virus icmp traffic.. I noticed a lot of tcp > >traffic (it seems to be increasing) from spoofed address to bogon space? > >Any ideas on what virus or worm this is? Is it new? > > > >Regards, > >Mark > > > >-- > >Mark Segal > >Director, Network Planning > >FCI Broadband > >Tel: 905-284-4070 > >Fax: 416-987-4701 > >http://www.fcibroadband.com > > > >Futureway Communications Inc. is now FCI Broadband > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
|