Re: tracking down source/cause of garbage packets

From: Barry Margolin (barry.margolin_at_level3.com)
Date: 10/09/03

  • Next message: bz: "Re: tracking down source/cause of garbage packets"
    Date: Thu, 09 Oct 2003 19:44:36 GMT
    
    

    In article <f05e664d.0310091140.43023807@posting.google.com>,
    jonathan <ttyp32000@yahoo.com> wrote:
    >hey all,
    >
    >Our network has been having difficulties; and using iris (a windows
    >tool) we are seeing tons of packets that:
    >
    >a) don't have a valid mac address
    >b) don't have valid IP addresses on either the sending or receiving
    >end.
    >c) that have frames of either '---' (not valid) or 802.3
    >d) that have either the 'spanning tree' or 'SNAP' or '---' protocol
    >
    >ie, they are basically dummies that are clogging our network. Any clue
    >on what
    >might be causing this? Can a program (virus, etc) spoof mac addresses
    >as
    >well as IP? How would people go about tracking them down?

    I'm sure it's possible, but probably harder to accomplish. And sending
    totally invalid frames is probably very difficult, since this should be
    handled at a low level by the NIC.

    With the wide variety of problems you're seeing, I'd suspect a hardware
    problem rather than software. Maybe a bad hub or switch.

    -- 
    Barry Margolin, barry.margolin@level3.com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    

  • Next message: bz: "Re: tracking down source/cause of garbage packets"

    Relevant Pages

    • tracking down source/cause of garbage packets
      ... Our network has been having difficulties; ... tool) we are seeing tons of packets that: ... don't have a valid mac address ...
      (comp.security.misc)
    • Re: How many wireless networks where you are ?
      ... But anyway I don't see why not, if there's no WEP / WAP key being used ... they it's FTA surely? ... My network shows up as 'unsecured', ... Why wouldn't I be able to snoop the network and use one of the valid MAC and ...
      (uk.telecom.broadband)
    • Re: tracking down source/cause of garbage packets
      ... Barry Margolin wrote in news:EUihb.270$pd.234 ... >>hey all, ... >>a) don't have a valid mac address ... they are basically dummies that are clogging our network. ...
      (comp.security.misc)
    • Re: How many wireless networks where you are ?
      ... But anyway I don't see why not, if there's no WEP / WAP key being used ... they it's FTA surely? ... My network shows up as 'unsecured', ... Why wouldn't I be able to snoop the network and use one of the valid MAC and ...
      (uk.telecom.broadband)