[unisog] Interesting traffic
flynngn at jmu.edu
Fri Feb 6 17:27:37 GMT 2004
Asadoorian, Paul D wrote:
> This traffic started on my network on Feb. 2nd, at 7:00AM EST STD time.
> They all originate from 220.127.116.11, all with a source port of 6667
> TCP, the destination is my entire class B on TCP ports 1024 and 3072.
> All packets are RST/ACK. Anyone else seeing this IP hitting their
> network? Looks like someone is spoofing our address space, and I have
> confirmed that at least one other University is seeing this.
See it here too. I see traffic similar to this quite often
from both port 80 and 6667. I figured it was stuff like
Security Engineer - Technical Services
James Madison University
More information about the unisog