Subject: weird traceroutes
From: Donald McLachlan (don MAINFRAME.DGRC.CRC.CA)
Date: Fri Apr 21 2000 - 11:27:20 CDT
After a 3 month break I started looking at some logs the other day.
I saw some very odd traffic.
- packets were UDP, TCP SYN/ACK's, TCP RST's, and ICMP timex and unreachable.
- packets were all addressed to unused subnets of ours.
- TTL would step from 1 through MAX for one destination IP address, the
destination address would change, and the TTL would step back down to 1.
- This pattern continued ad infinitum.
- packets appear identical except for the timestamp, the TTL, and
the IP checksum (due to the change in the TTL).
- These packets were coming in fast and furious
- Periodically the source address on these packets changes, but the pattern
remained the same.
Is anybody else seeing traffic like this?
Don
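
Added example, not part of the original post: one way to pick the pattern described above out of a packet log is to look for runs where a single source sends to a single destination with the TTL rising by one on each packet. The record layout, the `min_steps` threshold and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import namedtuple

# Assumed record layout for one logged packet header.
Packet = namedtuple("Packet", "ts src dst proto ttl")
Sweep = namedtuple("Sweep", "src dst proto first_ttl last_ttl")


def find_ttl_sweeps(packets, min_steps=8):
    """Return runs where one source hits one destination with TTL +1 per packet."""
    sweeps = []
    runs = {}  # src -> [dst, proto, first_ttl, last_ttl] for the run in progress

    def close(src):
        run = runs.pop(src, None)
        if run and run[3] - run[2] + 1 >= min_steps:
            sweeps.append(Sweep(src, *run))

    for p in sorted(packets, key=lambda p: p.ts):
        run = runs.get(p.src)
        if run and (p.dst, p.proto) == (run[0], run[1]) and p.ttl == run[3] + 1:
            run[3] = p.ttl          # same target, TTL stepped up by one
            continue
        close(p.src)                # target changed or TTL reset: end the run
        runs[p.src] = [p.dst, p.proto, p.ttl, p.ttl]
    for src in list(runs):
        close(src)
    return sweeps


def sample_packets():
    """Constructed sample: two TTL sweeps plus ordinary fixed-TTL traffic."""
    pkts, ts = [], 0.0
    for dst in ("198.51.100.5", "198.51.100.77"):
        for ttl in range(1, 13):
            pkts.append(Packet(ts, "192.0.2.10", dst, "udp", ttl))
            ts += 0.001
    for i in range(3):
        pkts.append(Packet(0.0005 + i * 0.004, "192.0.2.99", "198.51.100.5", "tcp", 54))
    return pkts


if __name__ == "__main__":
    for s in find_ttl_sweeps(sample_packets()):
        print(f"{s.src} -> {s.dst} {s.proto} TTL {s.first_ttl}..{s.last_ttl}")
```
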