We had an attack here last night and the attack traffic was coming from an
IP address of x.x.255.x which isn't a valid IP address yet the traffic was
being routed over the internet (as far as I can tell anyway). When I
attempted to track down the source I found our Cisco routers wouldn't accept
x.x.255.x isn't a valid IP address
Clue me in?
Clue: it's a valid address.
-Bill
On Sat, Feb 21, 2004 at 07:47:46AM -0500, Geo. wrote:
We had an attack here last night and the attack traffic was coming from an
IP address of x.x.255.x which isn't a valid IP address yet the traffic was
being routed over the internet (as far as I can tell anyway). When I
attempted to track
traceroute to 248.245.255.191, that's what made me think it was invalid.
I did get the answer, I was being stupid and trying to use IP route instead
of an acl. Thanks to everyone who replied, even the no guy.
Geo. (I'm not the Cisco guy, I was just the only one working last night)
Geo. wrote:
We had an attack here last night and the attack traffic was coming from an
IP address of x.x.255.x which isn't a valid IP address yet the traffic was
being routed over the internet (as far as I can tell anyway). When I
attempted to track down the source I found our Cisco routers
On Sat, 21 Feb 2004, Laurence F. Sheldon, Jr. wrote:
Invalid? Really? I used to manage a small collection of Cisco routers
and I don't recall any of them complaining about such an address.
Could be related to perhaps not having ip subnet-zero? (I have no idea,
but the old thingie about
Mikael Abrahamsson wrote:
On Sat, 21 Feb 2004, Laurence F. Sheldon, Jr. wrote:
Invalid? Really? I used to manage a small collection of Cisco routers
and I don't recall any of them complaining about such an address.
Could be related to perhaps not having ip subnet-zero? (I have no idea,
but
On Sat, 21 Feb 2004, Geo. wrote:
traceroute to 248.245.255.191, that's what made me think it was invalid.
It has nothing to do with the x.y.255.z -- the 240.0.0.0/4 is IANA reserved
space. If you had given the whole IP in the first place you could have
saved yourself some abuse. :-)
You are
Anybody else having problems over the PAIX Palo-Alto LAN ?
Cheers,
André
Andre Chapuis
IP+ Backbone Engineering AS3303
Swisscom Enterprise Solutions Ltd
Genfergasse 14, CH-3050 Bern
+41 31 893 89 61
[EMAIL PROTECTED]
CCIE #6023
If you had given the whole IP in the first place you could have
saved yourself some abuse. :-)
Now what fun would that have been? Ya gotta let these guys spit out abuse
once in a while, heck it's not often they know the right answer g...
Anyway, I'm currently investigating to see if it's
248.x.x.x is in 'Class E' space which is invalid on the Internet...
x.x.255.x are perfectly valid addresses, indeed we have 193.0.255.0/24..
subnet-zero isn't relevant either, this would be for e.g. a class B using a
255.255.255.0 subnet mask, since we don't bother with classful addressing and
http://www.internetnews.com/dev-news/article.php/3314501
In a bid to target a security hurdle rampant with dial-up Internet
users, Microsoft has rolled out a security update CD giveaway
for users of Windows XP, Windows Me, Windows 2000, Windows 98,
and Windows 98 Second Edition (SE).
The
I wonder how many will install worms and viruses from a CD that they got
not from Microsoft but from phishing schemes that will inevitably pop up
around it.
Michel.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Lesher
Sent: Saturday,
On Sat, 21 Feb 2004, Michel Py wrote:
I wonder how many will install worms and viruses from a CD that they got
not from Microsoft but from phishing schemes that will inevitably pop up
around it.
As far as I know, Microsoft is currently mailing the CDs to only consumers
that request the
Speaking on Deep Background, the Press Secretary whispered:
In the future you may be able to obtain patches through other
distribution channels, e.g. your ISP or consumer electronics chain or
original equipment manufacturer. Regardless of the distribution method,
genuine Microsoft patches
On Sat, 21 Feb 2004, David Lesher wrote:
In the future you may be able to obtain patches through other
distribution channels, e.g. your ISP or consumer electronics chain or
original equipment manufacturer. Regardless of the distribution method,
genuine Microsoft patches are always
In the future you may be able to obtain patches through other
distribution channels, e.g. your ISP or consumer electronics chain or
original equipment manufacturer.
Perhaps MS should pay a fee to companies such as ISPs (would never
happen) to distribute their fixes. Judging from my
Sean Donelan wrote:
Regardless of the distribution method, genuine Microsoft
patches are always cryptographically signed by Microsoft.
Whether consumers can figure out how to check the signature
is a different question.
Lots can't. I recently put a fake identity seal on my personal web
site
x.x.255.x isn't a valid IP address
Clue me in?
Clue: it's a valid address.
-Bill
Meta Clue... it -can be- a valid address.
--bill
Anyway, I'm currently investigating to see if it's possible the traffic
was coming from another local machine. The machine's admin mentioned a few
things that sounded to me like there were 2 way connections from this IP
involved instead of just spoofed UDP.
Anybody hook up a new
You could always run HSRP or something similar between the two routers. That
would give you physical redundancy on your end.
Set up the same single ASN on each router.
In a simple form, you could create the same access-list on each of your routers
containing all the blocks you want to
Anybody hook up a new Macintosh lately? OS X seems to spew traffic in
that range. It appears to be some optional component as they don't all do
it, about half of ours do it. I haven't cared enough to track down what
exactly is doing it.
Not on this segment, only two Linux boxes