[Dshield] Stumped by 238.7.6.6

Kelly Martin kmartin at pyrzqxgl.org
Mon Jun 17 17:54:26 GMT 2002


> I have some idiot at 238.7.6.6 (Internet Assigned Numbers Authority) which
> resolves to IANA which ends up at RIPE DBM, they (IANA) will do nothing to
> help, attacking my mail server every second on IGMP, the firewall is
> blocking OK but the logs are huge and it is just a pain. Does anyone know
> how to get IANA to answer an email to find out who they gave the IP to so
I
> can get them to stop?? I am about ready to make a phone call to the
> Authorities in The Kingdom of the Netherlands and pusue criminal action.

A better approach would be to find the multicast device that someone has
connected to your network and put it to bed.  You might also want to check
your bastion router filter lists as nobody should be routing packets to or
from multicast addresses over WAN links unless they're specifically part of
the MBone.

Another possibility is that you're the target of a DoS using spoofed
addresses, or a misconfigured MBone site.  You'll have to work with your ISP
to trace the packets back to the source.

Is this a host or network firewall?  If it's a host firewall, the source may
very well be internal to your own network.

Kelly




More information about the list mailing list