On Thu, 4 Feb 1999, W.C. (Jay) Epperson wrote:
:Not exactly on topic, but I've gotten no response elsewhere.
:If you're offended by TCP/IP protocol questions, please
:use the delete key now.
:
:For about the past month, we've logged occasional TCP packets
:with a source address of 255.255.255.255 on our private network
:backbone. We have not managed to sniff a non-routed packet,
:so we can't identify the source by its MAC address yet.
Apologies for that last message; I got it backwards.
It sounds like a host on your network is either scanning or
DoS'ing remote networks. What is interesting is that the
packets that are being sent look like they would
be used to scan hosts, but they could only be collected
by a host that would hear the broadcasted response to
255/0. Theoretically, this should go to the entire Internet,
but most sites will not route packets destined to Everywhere.
Have you contacted the remote networks and asked them if they
see this?
As for off topic, there used to be a tiger-team list (can't remember
the .edu site) that this would have been appropriate for, but it is defunct.
I don't know of a public list where a security discussion like this
would be common. This list has been mostly ad hoc tech support for some
time.
Maybe a new public list that discusses more esoteric or theoretical
vulnerabilities that is moderated à la NANOG (separate reader and
posting lists) is in order? If there is enough interest, mail
me privately and I would be happy to host it.
-j
--
jamie.reid
Chief Reverse Engineer
Superficial Intelligence Research Division
Defective Technologies