[unisog] Anybody seen this before
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Sep 24 16:30:54 GMT 2008
On Tue, 23 Sep 2008 16:37:22 PDT, Peter Van Epp said:
> Anyone know if this is the latest attempt to beat the packeteer (which
> is my current guess)? DSCC tossed up what it said was an IPV6 ping scan which
> suprised us, as we aren't routing V6 however looking at the packet it appears
> to be a V4 packet with a V6 header and udp packet inside it. My first guess
> (since most of them are coming from wireless) is an attempt to evade the
> packeteer (which I think won't work because I expect it will hit default which
> is shaped although I haven't verified that yet):
My guess with a 2002: address is that you have a wireless laptop that has
IPv6 enabled, and somebody is squawking an announcement for a 6-to-4 gateway
and the laptop is attempting to use that because you're not routing native IPv6.
It's not an attempt to beat the packeteer, it's an attempt to beat your lack
of IPv6 support :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20080924/bed1a133/attachment.bin
More information about the unisog
mailing list