Re: BAD TRAFFIC 0 ttl
From: Will Tell (nosphie@rootshell.be)Date: 08/23/02
- Previous message: Jason Dixon: "Re: BAD TRAFFIC 0 ttl"
- Maybe in reply to: seren geti: "BAD TRAFFIC 0 ttl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Aug 2002 19:45:15 -0000 From: Will Tell <nosphie@rootshell.be> To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <20020823131552.871DE3951@sitemail.everyone.net>
Hey Seren,
looks like you have the tcpdump file of the happening.
In this case u should look not for the IPs but for the MAC.
I had a case like this and all the IPs had the same MAC.
So take for exemple "ettercap" in file offline mode and
sniff only in MAC mode.
Might be that clear up something.
Will Tell
<20020823131552.871DE3951@sitemail.everyone.net>
>
>Hello all,
>
>I've had this same pattern of traffic appear inside my
network on four different occasions and I've found no
answer as to what it is, I'm hoping someone here has
seen something similar.
>
>This always happens over the midnight hour. The only
things that vary are the length of time and number of
different destination IPs. The destinations are always
#.0.1.15. The source is usually 218 or 65.0.1.0, but
always #.0.1.0. The packet data is always the same.
>
>Samples follow. Any thoughts are greatly appreciated.
>
>Thanks!
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Jason Dixon: "Re: BAD TRAFFIC 0 ttl"
- Maybe in reply to: seren geti: "BAD TRAFFIC 0 ttl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
