Increase in tcp traffic from spoofed source to bogon?
Mike Tancsa
mike at sentex.net
Thu Sep 25 21:40:50 UTC 2003
Is it all to 135 ? I drop lots of that at my border. Each time I traced
it back to the customer, it was some infected machine that was not being
natted for various reasons.
e.g.
Deny TCP 172.16.4.1:4616 192.100.103.4:135
We also see the odd ntp request. Is it bogon as in RFC 1918 or bogon as in
not yet allocated / routed ?
---Mike
At 05:26 PM 25/09/2003, Mark Segal wrote:
>While cleaning the narchi virus icmp traffic.. I noticed a lot of tcp
>traffic (it seems to be increasing) from spoofed address to bogon space?
>Any ideas on what virus or worm this is? Is it new?
>
>Regards,
>Mark
>
>--
>Mark Segal
>Director, Network Planning
>FCI Broadband
>Tel: 905-284-4070
>Fax: 416-987-4701
>http://www.fcibroadband.com
>
>Futureway Communications Inc. is now FCI Broadband
More information about the NANOG
mailing list