184.108.40.206 -- Harmless mis-route or potential exploit?
drc at virtualized.org
Tue Sep 2 18:31:40 CDT 2008
On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:
> While recently trying to debug a CEF issue, I found a good number of
> packets in my "debug cef drops" output that were all directed at
> 220.127.116.11 (which I see as being allocated to ep.net but
> completely unused).
As Steve Conte pointed out, that is the address that used to be used
for l.root-servers.net. l.root-servers.net was renumbered almost a
year ago, with the announcement of the old address turned off about 6
> So the question is, should I just ignore this as a properly dropped
> packet due to "no route" (this provider is running defaultless, so
> unless such a route exists, it should be okay).
Packets being sent to 18.104.22.168 most likely come from DNS caching
servers that haven't had their hints updated. In the ideal world, you
could hunt down those machines and kick 'em in the head (that is,
install a new hints file). That they're unrouted is definitely the
way things should be.
More information about the NANOG