I saw traffic to/from that address going to/from some other internet address, not mine, via tcpdump. That destination was one example of many I was seeing that day (I think it was one of the bad blaster days). I saw lots of other traffic from Cox IPs similar to mind bound for other destinations as well. I'm not seeing it now, but I did see it before.
On Tue, 2003-09-09 at 10:54, Scott Harney wrote: > Tim Fournet <[EMAIL PROTECTED]> writes: > > > I can say that I've seen plenty of SMTP traffic going to/from the WBR > > Parish Sheriff's Dept. account from my internet-pointing interface. > > Maybe the switch ports are getting flooded by all the worm traffic and > > defaulting back to broadcasting everything. > > > > > Are you saying this SMTP traffic is *not* to/from your own external > IP? Ie the IP header portion of those packets carrying SMTP traffic > do *NOT* have your external IP address in the Source or Destination IP > fields. this would be unexpected. As long as source or dest of > unicast packets contain your external IP address this is normal > that you would see those packets. > > I would suspect that there is a misconfiguration somewhere causing > traffic for this "WBC Parish Sheriff's Dept. account" to go to/from > your SMTP server address (ie. your external interface IP). I'm thinking > virus/worm at the WBR Sheriff Dept. > > If you're seeing actually seeing packets that are not destined either > src or dest you_external_IP, then there's a MAC address/ARP conflict > going on. >
