visionwhitehats.com

• Next message: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Previous message: CyberPsychotic: "Re: [snort] Anybody got a clue"
• In reply to: CyberPsychotic: "Re: [snort] Anybody got a clue"
• Next in thread: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Next in thread: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Reply: Max Vision: "Re: [snort] Anybody got a clue"
• Reply: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Reply: CyberPsychotic: "Re: [snort] Anybody got a clue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In particular, I think it would be interesting if this fellow is not on
the uoregon.edu network (shown as 'a'). So then you have traffic that is
  a --> b
where your network is neither a nor b. That pretty much leaves spoofing
from the local segment... If the packet came from outside his net, then
how on earth did it get routed there?

I'm hoping we'll hear back from him :)

On Sun, 5 Mar 2000, CyberPsychotic wrote:
> ~ :Multicast of some sort. 224.0.0.0 is a reserved address range "MCAST-NET".
> ~ :Honestly, I haven't seen a whole lot of ligitimate multicast traffic, so
> ~ :I'm not sure what this packet could be.
>
> my cisco routers constantly send multicast datagrams on its interfaces to
> perform router discovery, so far I understand. (I could dig up
> specifications too, if interested)
>
>

• Next message: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Previous message: CyberPsychotic: "Re: [snort] Anybody got a clue"
• In reply to: CyberPsychotic: "Re: [snort] Anybody got a clue"
• Next in thread: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Next in thread: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Reply: Max Vision: "Re: [snort] Anybody got a clue"
• Reply: Ralf Hildebrandt: "Re: [snort] Anybody got a clue"
• Reply: CyberPsychotic: "Re: [snort] Anybody got a clue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]