Security Incidents mailing list archives

Anyone caught a packet of ... ?


From: "Weber, Markus" <Markus.Weber () KPNQwest com>
Date: Sat, 20 Apr 2002 23:46:37 +0200


Today we've experienced some heavy outages of a well noticed
system. We dug it down to traffic between a routing interface
in front of the system and many highly random IPs around the
world. We are sure that some of these random IPs are unused
IPs (as some of them belong to net blocks which we maintain).

There are two theories we are currently investigating:

        1) The router went mad, mixing up its routing table,
           sending weird packets out and then was overloaded
           by the replies.

        2) We've been hit by some kind of DoS against the
           router or the system behind (with forged source
           IPs).

Unfortunately we haven't been able to capture a FULL packet
during this time (too many calls, too many other paths we had
to investigate ...).

If you run a honeypot or, by some lucky circumstance, caught a
full packet coming from the following IPs, we would appreciate
it if you could send it to us (tcpdump, snoop or the raw packet
content).

        194.122.245.58
        194.122.245.62

Depending on the packet content, we might have a better idea
of what was going on.

Thanks in advance, Markus.

-- 
KPNQwest Germany GmbH  * Emmy-Noether-Str. 9 *  D-76131 Karlsruhe
[T] +49 721 9652 213   [F] +49 721 9652 171   [M] +49 173 5166209
[E] Markus Weber <Markus.Weber () kpnqwest com>  [I] www.kpnqwest.de
Managing directors: M.Müller-Berg/R.Williams, District Court KA/HRB8161

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

