Increase in tcp traffic from spoofed source to bogon?

• Previous message (by thread): Increase in tcp traffic from spoofed source to bogon?
• Next message (by thread): Increase in tcp traffic from spoofed source to bogon?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is it all to 135 ?  I  drop lots of that at my border.  Each time I traced 
it back to the customer, it was some infected machine that was not being 
natted for various reasons.

e.g.

Deny TCP 172.16.4.1:4616 192.100.103.4:135

We also see the odd ntp request.  Is it bogon as in RFC 1918 or bogon as in 
not yet allocated / routed ?

         ---Mike

At 05:26 PM 25/09/2003, Mark Segal wrote:

>While cleaning the narchi virus icmp traffic.. I noticed a lot of tcp
>traffic (it seems to be increasing) from spoofed address to bogon space?
>Any ideas on what virus or worm this is?  Is it new?
>
>Regards,
>Mark
>
>--
>Mark Segal
>Director, Network Planning
>FCI Broadband
>Tel: 905-284-4070
>Fax: 416-987-4701
>http://www.fcibroadband.com
>
>Futureway Communications Inc. is now FCI Broadband

• Previous message (by thread): Increase in tcp traffic from spoofed source to bogon?
• Next message (by thread): Increase in tcp traffic from spoofed source to bogon?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]