[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Strange packets

To: Henna Yatsu <4mgc@myrealbox.com>
Subject: Re: [Full-Disclosure] Strange packets
From: Jon Hart <warchild@spoofed.org>
Date: Sun, 24 Aug 2003 10:33:47 -0400

On Sun, Aug 24, 2003 at 07:06:37AM -0600, Henna Yatsu wrote:
> Hello All,
> 
> For the past few days, a few packet of protocol number 99 has captured
> in our network.  Do someone know the meaning of this packet?

From http://www.iana.org/assignments/protocol-numbers, you can see that
IP protocol 99 is reserved for any private encryption scheme.

I saw a number of these packets coming from seemingly random machines a
few months back.  When I did some work to see where they were coming
from, it turns out they were all US military (primarily US Army)
machines.  It is entirely possible that the addresses were spoofed.

I am now seeing this traffic again.  It started on 8/19/03 and
continues.  All but 2 packets have been originating from net blocks
belonging to the US military.  These two rogue packets came from an ISP
in the UK.

-jon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Strange packets
  - From: "Henna Yatsu" <4mgc@myrealbox.com>

Prev by Date: Re: [Full-Disclosure] Strange packets
Next by Date: Re: [Full-Disclosure] No more windowsupdate for Windows 2000 ServerFamily?
Prev by thread: Re: [Full-Disclosure] Strange packets
Next by thread: Re: [Full-Disclosure] Strange packets - OFFTOPIC
Index(es):
- Date
- Thread