List,

Recently, on both the ZoneAlarm personal firewalls installed on all Windows-based
machines and also on the NIDS, a lot of "protocol 88" traffic has been
recorded.

ZoneAlarm receives and blocks roughly 140-200 such packets over a 2 hour
period.

Snort records 45 in a 5 minute period. A typical example of the snort logs
from running "snort -l log" recorded a file named PROTO88.ids in several
folders, each named after the offending IP address.


07/04-12:50:52.373464 212.140.212.99 -> 224.0.0.10
PROTO088 TTL:2 TOS:0xC0 ID:0 IpLen:20 DgmLen:60
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

The above occurred several hundred times in the duration of one evening.
Things to be noted: the NIDS is a Windows 98 box.

What useful information can I extract from this packet log, and how? Why
is it occurring so many times recently?

Thanx for your time all,

Chris Mawer,
http://tide.ath.cx
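
Added example, not part of the original post: one way to parse Snort ASCII
records like the one quoted above and tally them per source. The second sample
record, the function names and the lookup tables are constructed for
illustration; the labels use the IANA assignments (IP protocol 88 is EIGRP,
224.0.0.10 is the IGRP routers multicast group).

```python
import re
from collections import Counter

# Constructed sample: the record quoted in the post plus one constructed repeat.
SAMPLE = """\
07/04-12:50:52.373464 212.140.212.99 -> 224.0.0.10
PROTO088 TTL:2 TOS:0xC0 ID:0 IpLen:20 DgmLen:60
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/04-12:50:57.101200 212.140.212.99 -> 224.0.0.10
PROTO088 TTL:2 TOS:0xC0 ID:0 IpLen:20 DgmLen:60
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

ADDR = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")
IPHDR = re.compile(r"^PROTO(\d+) TTL:(\d+) TOS:(0x[0-9A-Fa-f]+) "
                   r"ID:(\d+) IpLen:(\d+) DgmLen:(\d+)$")

# IANA assignments relevant to this log (extend as needed).
IP_PROTO = {88: "EIGRP"}
MCAST_GROUP = {"224.0.0.10": "IGRP/EIGRP routers"}

def parse(text):
    """Return one dict per record (address line followed by IP header line)."""
    records, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = ADDR.match(line)
        if m:
            pending = dict(zip(("time", "src", "dst"), m.groups()))
            continue
        m = IPHDR.match(line)
        if m and pending:
            proto, ttl, tos, _id, iplen, dgmlen = m.groups()
            pending.update(proto=int(proto), ttl=int(ttl),
                           precedence=int(tos, 16) >> 5,  # top 3 TOS bits
                           payload_len=int(dgmlen) - int(iplen))
            records.append(pending)
            pending = None
    return records

def summarize(records):
    """Count packets per (source, destination, protocol) and label known values."""
    counts = Counter((r["src"], r["dst"], r["proto"]) for r in records)
    return [(src, MCAST_GROUP.get(dst, dst), IP_PROTO.get(proto, proto), n)
            for (src, dst, proto), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(parse(SAMPLE)):
        print(row)
```

For the quoted record, the TOS byte 0xC0 decodes to IP precedence 6
(Internetwork Control) and the datagram carries 40 bytes after the IP header.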
