|
Today I noticed that one of my DMZ servers is receiving
Fragmented IP Protocol packets from a class C subnet in I cannot think of a reason that my server (used only for
HTTP and DNS) should be receiving such packets. None of my other DMZ servers
are seeing them. It occurs to my paranoid mind that this could be evidence
of a covert channel Trojan trying to make contact to my server. If so, then my
server is apparently ignoring it. At least, it does not send any packets back
to the same subnet. However the packets (probes?) keep coming. Has anyone seen anything like this? I have attached a small
Ethereal trace. -- Eric Robinson |
frag-channel
Description: frag-channel
_______________________________________________ RLUG mailing list [EMAIL PROTECTED] http://lists.rlug.org/mailman/listinfo/rlug
