We had an attack here last night and the attack traffic was coming from an
IP address of x.x.255.x which isn't a valid IP address yet the traffic was
being routed over the internet (as far as I can tell anyway). When I
attempted to track down the source I found our cisco routers wouldn't accept
x.x.255.x isn't a valid IP address
Clue me in?
Clue: it's a valid address.
-Bill
On Sat, Feb 21, 2004 at 07:47:46AM -0500, Geo. wrote:
We had an attack here last night and the attack traffic was coming from an
IP address of x.x.255.x which isn't a valid IP address yet the traffic was
being routed over the internet (as far as I can tell anyway). When I
attempted to track
)
- Original Message -
From: Bill Woodcock [EMAIL PROTECTED]
To: Geo. [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, February 21, 2004 8:03 AM
Subject: Re: routing invalid IP addresses
x.x.255.x isn't a valid IP address
Clue me in?
Clue: it's a valid address
Geo. wrote:
We had an attack here last night and the attack traffic was coming from an
IP address of x.x.255.x which isn't a valid IP address yet the traffic was
being routed over the internet (as far as I can tell anyway). When I
attempted to track down the source I found our cisco routers
On Sat, 21 Feb 2004, Laurence F. Sheldon, Jr. wrote:
Invalid? Really? I used to manage a small collection of cisco routers
and I don't recall any of them complaining about such an address.
Could be related to perhaps not having ip subnet-zero? (I have no idea,
but the old thingie about
Mikael Abrahamsson wrote:
On Sat, 21 Feb 2004, Laurence F. Sheldon, Jr. wrote:
Invalid? Really? I used to manage a small collection of cisco routers
and I don't recall any of them complaining about such an address.
Could be related to perhaps not having ip subnet-zero? (I have no idea,
but
On Sat, 21 Feb 2004, Geo. wrote:
traceroute to 248.245.255.191, that's what made me think it was invalid.
It has nothing to do with the x.y.255.z -- the 240.0.0.0/4 is IANA reserved
space. If you had given the whole IP in the first place you could have
saved yourself some abuse. :-)
You are
If you had given the whole IP in the first place you could have
saved yourself some abuse. :-)
Now what fun would that have been? Ya gotta let these guys spit out abuse
once in a while, heck it's not often they know the right answer g...
Anyway, I'm currently investigating to see if it's
)
- Original Message -
From: Bill Woodcock [EMAIL PROTECTED]
To: Geo. [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, February 21, 2004 8:03 AM
Subject: Re: routing invalid IP addresses
x.x.255.x isn't a valid IP address
Clue me in?
Clue: it's a valid address
x.x.255.x isn't a valid IP address
Clue me in?
Clue: it's a valid address.
-Bill
Meta Clue... it -can be- a valid address.
--bill
Anyway, I'm currently investigating to see if it's possible the traffic
was
coming from another local machine. The machine's admin mentioned a few
things that sounded to me like there were 2 way connections from this IP
involved instead of just spoofed UDP.
Anybody hook up a new
Anybody hook up a new Macintosh lately? OS X seems to spew traffic in
that range. It appears to be some optional component as they don't all do
it, about half of ours do it. I haven't cared enough to track down what
exactly is doing it.
Not on this segment, only two linux boxes
13 matches
Mail list logo
