[137844] in North American Network Operators' Group


Re: Traffic to 5/8 and 37/8 - stats on RIPE Labs

daemon@ATHENA.MIT.EDU ("Oleg A. Arkhangelsky")
Mon Feb 21 11:55:19 2011

From: "\"Oleg A. Arkhangelsky\"" <sysoleg@yandex.ru>
To: Mirjam Kuehne <mir@ripe.net>
In-Reply-To: <4D626A53.9060808@ripe.net>
Date: Mon, 21 Feb 2011 19:55:07 +0300
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hello,

> http://labs.ripe.net/Members/mkarir/first-impressions-of-pollution-in-two-ripe-ncc-darknets

Quote from the link:

> Note that in the 37/8, most traffic comes from TTLs around 100. These are Linux hosts.
> The smaller humps are at ~32 (Windows) and ~250 (Solaris).

I don't agree. A TTL around 100 is most probably Windows hosts with an initial TTL of 128.
Everything below 64 can be Linux or FreeBSD. ~250 can be a Solaris host, but Cisco
IOS also sets the initial TTL to 255.

-- 
wbr, Oleg.
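
The inference described in the reply above, as an added example that is not part of the original message: each observed TTL is rounded up to the nearest initial TTL named in the reply, and the difference is the hop count. The function names and the sample TTLs are constructed for illustration, and treating an observed TTL of exactly 64 as the Linux/FreeBSD bucket is an assumption.

```python
from collections import Counter

# Initial TTLs and the systems the reply attributes to them.
# This is a coarse heuristic: several systems share each initial value,
# so the result is a set of candidates, not an identification.
INITIAL_TTLS = {
    64: ("Linux", "FreeBSD"),
    128: ("Windows",),
    255: ("Solaris", "Cisco IOS"),
}


def infer_initial_ttl(observed):
    """Return (initial_ttl, hops, candidates) for an observed IP TTL.

    Routers only decrement the TTL, so the sender's initial value is taken
    to be the smallest known initial TTL that is >= the observed one.
    A sender more hops away than the gap to the next bucket is misread.
    """
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    initial = min(i for i in INITIAL_TTLS if i >= observed)
    return initial, initial - observed, INITIAL_TTLS[initial]


def summarize(ttls):
    """Count packets per inferred initial TTL (the 'humps' in a histogram)."""
    return Counter(infer_initial_ttl(t)[0] for t in ttls)


# Constructed sample of TTLs as seen at a darknet sensor (not real data).
SAMPLE_TTLS = [101, 99, 104, 100, 98, 32, 35, 250, 248, 57, 113, 64, 128]

if __name__ == "__main__":
    for initial, count in sorted(summarize(SAMPLE_TTLS).items()):
        names = "/".join(INITIAL_TTLS[initial])
        print(f"initial TTL {initial:3d} ({names}): {count} packets")
```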

