Security Incidents mailing list archives
weird traceroutes
From: don () MAINFRAME DGRC CRC CA (Donald McLachlan)
Date: Fri, 21 Apr 2000 12:27:20 -0400
After a 3-month break I started looking at some logs the other day. I saw some very odd traffic.

- packets were UDP, TCP SYN/ACKs, TCP RSTs, and ICMP timex and unreachable.
- packets were all addressed to unused subnets of ours.
- TTL would step from 1 through MAX for one destination IP address, the destination address would change, and the TTL would step back down to 1.
- This pattern continued ad infinitum.
- packets appear identical except for the timestamp, the TTL, and the IP checksum (due to the change in the TTL).
- These packets were coming in fast and furious.
- Periodically the source address on these packets changed, but the pattern remained the same.

Is anybody else seeing traffic like this?

Don
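One way to flag the pattern described in this post in packet logs, added here as an example and not part of the original message: group packets sent to unused subnets that are identical apart from the TTL, and report runs where the TTL starts at 1 and rises by one per packet. The `Packet` record layout, the `DARK_NETS` list and all addresses are assumptions constructed for the example; `body` stands for a digest of the packet with the TTL and IP checksum fields zeroed.

```python
import ipaddress
from collections import namedtuple

# Assumed record layout; body = digest of the packet with TTL and IP checksum zeroed.
Packet = namedtuple("Packet", "ts src dst proto ttl body")

# Assumption: the site's unused ("dark") subnets. Documentation range used here.
DARK_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def is_dark(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DARK_NETS)

def find_ttl_sweeps(packets, min_len=4):
    """Return (src, dst, proto, first_ttl, last_ttl) for every run of otherwise
    identical packets to a dark address whose TTL starts at 1 and rises by 1."""
    runs, sweeps = {}, []   # runs: flow key -> [first_ttl, last_ttl]

    def close(key):
        run = runs.pop(key, None)
        if run and run[1] - run[0] + 1 >= min_len:
            sweeps.append(key[:3] + (run[0], run[1]))

    for p in sorted(packets, key=lambda p: p.ts):
        if not is_dark(p.dst):
            continue
        key = (p.src, p.dst, p.proto, p.body)
        run = runs.get(key)
        if run and p.ttl == run[1] + 1:   # next step of an open ramp
            run[1] = p.ttl
            continue
        close(key)                        # ramp broken: report it if long enough
        if p.ttl == 1:                    # a ramp may only start at TTL 1
            runs[key] = [1, 1]
    for key in list(runs):                # flush ramps still open at end of log
        close(key)
    return sweeps

def sample():
    """Constructed records (not captured traffic): two sources, three dark targets."""
    pkts, ts = [], 0.0
    for src, dst, proto, top in [("198.51.100.7", "192.0.2.10", "udp", 6),
                                 ("198.51.100.7", "192.0.2.11", "udp", 6),
                                 ("203.0.113.9", "192.0.2.12", "icmp", 5)]:
        for ttl in range(1, top + 1):
            ts += 0.001
            pkts.append(Packet(ts, src, dst, proto, ttl, "aa11"))
    pkts.append(Packet(ts + 1, "203.0.113.50", "192.0.2.20", "tcp", 57, "bb22"))  # lone stray
    return pkts

if __name__ == "__main__":
    for sweep in find_ttl_sweeps(sample()):
        print(sweep)
```

Keying the runs by source, destination, protocol and body keeps interleaved sweeps from different sources separate, so a change of source address starts a new run instead of hiding the pattern.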