[unisog] Anybody seen this before
Peter Van Epp
vanepp at sfu.ca
Tue Sep 23 23:37:22 GMT 2008
Anyone know if this is the latest attempt to beat the packeteer (which
is my current guess)? DSCC tossed up what it said was an IPV6 ping scan which
suprised us, as we aren't routing V6 however looking at the packet it appears
to be a V4 packet with a V6 header and udp packet inside it. My first guess
(since most of them are coming from wireless) is an attempt to evade the
packeteer (which I think won't work because I expect it will hit default which
is shaped although I haven't verified that yet):
16:13:21.296647 00:12:1e:1c:f4:1f > 00:11:88:05:5d:31, ethertype IPv4 (0x0800), length 596: (tos 0x0, ttl 55, id 6364, offset 0, flags [none], proto IPv6 (41), length 582) 67.87.xxx.xxx > 142.58.xxx.xx: (hlim 128, next-header: UDP (17), length: 522) 2002:4357:ca92::4357:ca92.48920 > 2002:8e3a:c70a:9:219:e3ff:fed6:2147.37814: UDP, length 514
0x0000: 4500 0246 18dc 0000 3729 0585 4357 ca92 E..F....7)..CW..
0x0010: 8e3a c70a 6000 0000 020a 1180 2002 4357 .:..`.........CW
0x0020: ca92 0000 0000 0000 4357 ca92 2002 8e3a ........CW.....:
0x0030: c70a 0009 0219 e3ff fed6 2147 bf18 93b6 ..........!G....
0x0040: 020a d078 0000 0405 002a 957c eb8a 7d5f ...x.....*.|..}_
0x0050: 53a8 S.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the unisog
mailing list