lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030824143347.GD24145@spoofed.org>
From: warchild at spoofed.org (Jon Hart)
Subject: Strange packets

On Sun, Aug 24, 2003 at 07:06:37AM -0600, Henna Yatsu wrote:
> Hello All,
> 
> For the past few days, a few packet of protocol number 99 has captured
> in our network.  Do someone know the meaning of this packet?

>From http://www.iana.org/assignments/protocol-numbers, you can see that
IP protocol 99 is reserved for any private encryption scheme.

I saw a number of these packets coming from seemingly random machines a
few months back.  When I did some work to see where they were coming
from, it turns out they were all US military (primarily US Army)
machines.  It is entirely possible that the addresses were spoofed.

I am now seeing this traffic again.  It started on 8/19/03 and
continues.  All but 2 packets have been originating from net blocks
belonging to the US military.  These two rogue packets came from an ISP
in the UK.

-jon


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ