Re: anyone who saw this arp traffic?

From: Ankush Kapoor (everbeeninlove_at_gmail.com)
Date: 02/27/05

    Date: Sun, 27 Feb 2005 06:27:03 +0530
    To: Monty Ree <chulmin2@hotmail.com>
    
    

    Have seen similar ARP broadcasts when Windows machines on our network
    got hit by worms.
    Which worms I don't quite remember. Perhaps Blaster.

    regards

    Ankush Kapoor

    On Wed, 23 Feb 2005 01:40:43 +0000, Monty Ree <chulmin2@hotmail.com> wrote:
    > Hello, all.
    >
    > When I capture network traffic at server farm, I can see lots of ARP
    > broadcast like below.
    > But there is no server which uses 172.16.x.x IP address.
    > and curiously,
    >
    > 1. source IP and destination IP are the same
    > 2. more curiously, same traffic (source MAC: 0:10:dc:f1:f7:64, source
    > IP: 172.16.97.157) is seen at my office.
    > 3. I can also see this traffic (source MAC: 0:10:dc:f1:f7:64, source
    > IP: 172.16.97.157) at other IDC.
    >
    > Have you ever seen this traffic?
    >
    > Thanks in advance.
    >
    > 10:15:26.759069 0:10:dc:f1:f7:64 Broadcast arp 60: arp who-has
    > 172.16.97.157 (Broadcast) tell 172.16.97.157
    > 10:15:26.803792 0:c:76:4e:4:c8 Broadcast arp 60: arp who-has 172.16.100.103
    > (Broadcast) tell 172.16.100.103
    > 10:15:26.955878 0:c:76:4e:4:c8 Broadcast arp 60: arp who-has 172.16.100.103
    > (Broadcast) tell 172.16.100.103
    > 10:15:26.967737 0:10:dc:f1:f7:64 Broadcast arp 60: arp who-has
    > 172.16.97.157 (Broadcast) tell 172.16.97.157
    >
    >
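
An ARP request whose sender IP equals the requested IP, as in the capture quoted above, is a gratuitous ARP (an address announcement). The following added example, which is not part of the original thread, parses that tcpdump output, groups such requests by source MAC and IP, and marks addresses that fall outside the local subnet; the `local_nets` value and the last sample line are constructed assumptions.

```python
import ipaddress
import re

# Capture lines from the quoted post, rejoined where the mail client wrapped
# them. The last line is constructed: an ordinary ARP request for contrast.
SAMPLE = """\
10:15:26.759069 0:10:dc:f1:f7:64 Broadcast arp 60: arp who-has 172.16.97.157 (Broadcast) tell 172.16.97.157
10:15:26.803792 0:c:76:4e:4:c8 Broadcast arp 60: arp who-has 172.16.100.103 (Broadcast) tell 172.16.100.103
10:15:26.955878 0:c:76:4e:4:c8 Broadcast arp 60: arp who-has 172.16.100.103 (Broadcast) tell 172.16.100.103
10:15:26.967737 0:10:dc:f1:f7:64 Broadcast arp 60: arp who-has 172.16.97.157 (Broadcast) tell 172.16.97.157
10:15:27.100000 0:11:22:33:44:55 Broadcast arp 60: arp who-has 10.0.0.1 tell 10.0.0.7
"""

# Fields: time, source MAC, destination, "arp <len>:", who-has <ip> tell <ip>
LINE_RE = re.compile(
    r"^(\S+) (\S+) \S+ arp \d+: arp who-has (\S+)(?: \(\S+\))? tell (\S+)$")


def normalize_mac(mac):
    """Restore the leading zeros this tcpdump format drops (0:c:76 -> 00:0c:76)."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))


def find_self_arp(text, local_nets):
    """Group ARP requests whose sender IP equals the requested IP.

    Returns {(mac, ip): {"count", "first", "last", "foreign"}}; "foreign" is
    True when the announced IP lies outside every network in local_nets.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ARP request line in this format
        ts, mac, target, sender = m.groups()
        if target != sender:
            continue  # ordinary lookup of another host's address
        foreign = not any(ipaddress.ip_address(sender) in n for n in nets)
        rec = hits.setdefault((normalize_mac(mac), sender),
                              {"count": 0, "first": ts, "last": ts, "foreign": foreign})
        rec["count"] += 1
        rec["last"] = ts
    return hits


if __name__ == "__main__":
    # 10.0.0.0/24 is a constructed stand-in for the segment's real subnet.
    for (mac, ip), rec in find_self_arp(SAMPLE, ["10.0.0.0/24"]).items():
        print(mac, ip, rec)
```

The normalized MAC is the value to search for in switch MAC address tables when tracing which port the announcing host sits behind.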

