[67794] in North American Network Operators' Group
Re: routing invalid IP addresses
daemon@ATHENA.MIT.EDU (Geo.)
Sat Feb 21 22:24:25 2004
Reply-To: "Geo." <georger@getinfo.net>
From: "Geo." <georger@getinfo.net>
To: "Brian Knoblauch" <bknoblauch@sscorp.com>
Cc: <nanog@merit.edu>
Date: Sat, 21 Feb 2004 22:21:56 -0500
Errors-To: owner-nanog-outgoing@merit.edu
> Anybody hook up a new Macintosh lately? OS X seems to spew traffic in
> that range. It appears to be some optional component as they don't all do
> it, about half of ours do it. I haven't cared enough to track down what
> exactly is doing it.
Not on this segment, only two linux boxes directly on the wire and two NT
boxes behind a Pix 506e. Whatever was going on has stopped now so I'm just
going from log fragments the admins are emailing me. It looks like someone
was trying to exploit apache/php on one of the linux boxes using spoofed udp
from that IP address I posted.
Geo.
