Full Disclosure mailing list archives

Re: Strange packets


From: Jon Hart <warchild () spoofed org>
Date: Sun, 24 Aug 2003 10:33:47 -0400

On Sun, Aug 24, 2003 at 07:06:37AM -0600, Henna Yatsu wrote:
> Hello All,
>
> For the past few days, a few packets of protocol number 99 have been captured
> in our network.  Does someone know the meaning of this packet?

From http://www.iana.org/assignments/protocol-numbers, you can see that
IP protocol 99 is reserved for any private encryption scheme.

I saw a number of these packets coming from seemingly random machines a
few months back.  When I did some work to see where they were coming
from, it turns out they were all US military (primarily US Army)
machines.  It is entirely possible that the addresses were spoofed.

I am now seeing this traffic again.  It started on 8/19/03 and
continues.  All but 2 packets have been originating from net blocks
belonging to the US military.  These two rogue packets came from an ISP
in the UK.

-jon
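
As an added example (not part of the original post), one way to pick this traffic out of raw captures: the Python below parses IPv4 headers, rejects malformed ones, and tallies protocol-99 packets per claimed source address. The function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PRIVATE_ENCRYPTION_PROTO = 99  # IANA protocol-numbers entry cited in the post
HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; header length is always even."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, ttl), or None if the header is malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl or total_len < ihl:
        return None
    if checksum(packet[:ihl]) != 0:  # a valid header checksums to zero
        return None
    return IPv4Address(src), IPv4Address(dst), proto, ttl

def tally_proto99(packets):
    """Count protocol-99 packets per claimed source (sources can be spoofed)."""
    hits = Counter()
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed and parsed[2] == PRIVATE_ENCRYPTION_PROTO:
            hits[str(parsed[0])] += 1
    return hits

def build(src, dst, proto, payload=b"\x00" * 8, ttl=64):
    """Constructed sample packet for the demo below."""
    hdr = struct.pack(HDR, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

# Constructed samples; addresses are RFC 5737 documentation ranges.
SAMPLES = [
    build("192.0.2.10", "203.0.113.5", 99),
    build("192.0.2.10", "203.0.113.5", 99),
    build("198.51.100.7", "203.0.113.5", 99),
    build("198.51.100.7", "203.0.113.5", 6),      # TCP, not counted
    build("192.0.2.10", "203.0.113.5", 99)[:12],  # truncated, rejected
]
print(dict(tally_proto99(SAMPLES)))
```

The tally keys on the source field of the IP header, so it reports where packets claim to come from, which is all a passive capture can show.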
