Full Disclosure mailing list archives
Re: Strange packets
From: Jon Hart <warchild () spoofed org>
Date: Sun, 24 Aug 2003 10:33:47 -0400
On Sun, Aug 24, 2003 at 07:06:37AM -0600, Henna Yatsu wrote:
Hello All, For the past few days, a few packet of protocol number 99 has captured in our network. Do someone know the meaning of this packet?
From http://www.iana.org/assignments/protocol-numbers, you can see that
IP protocol 99 is reserved for any private encryption scheme. I saw a number of these packets coming from seemingly random machines a few months back. When I did some work to see where they were coming from, it turns out they were all US military (primarily US Army) machines. It is entirely possible that the addresses were spoofed. I am now seeing this traffic again. It started on 8/19/03 and continues. All but 2 packets have been originating from net blocks belonging to the US military. These two rogue packets came from an ISP in the UK. -jon _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Strange packets Henna Yatsu (Aug 24)
- Re: Strange packets Jon Hart (Aug 24)
- Re: Strange packets Michael Mueller (Aug 24)
- Re: Strange packets - OFFTOPIC Kurt Seifried (Aug 24)