[unisog] Interesting traffic
lat at cns.vt.edu
Fri Feb 6 18:16:09 GMT 2004
Yes, I have seen this IP in our logs since Feb 2 also. I don't have
any packet captures, only ipfilters and iptables log messages, though.
The source port for all was 6667 and the destination ports were either
1024 or 3072. It's been logged on at least 10 of my machines, the latest
being about 4am EST today.
On Fri, Feb 06, 2004 at 09:29:40AM -0500, Asadoorian, Paul D wrote:
> This traffic started on my network on Feb. 2nd, at 7:00AM EST STD time.
> They all originate from 220.127.116.11, all with a source port of 6667
> TCP, the destination is my entire class B on TCP ports 1024 and 3072.
> All packets are RST/ACK. Anyone else seeing this IP hitting their
> network? Looks like someone is spoofing our address space, and I have
> confirmed that at least one other University is seeing this.
Laurie Zirkle E-mail: lat at vt.edu Pager: (540)953-3691
Unix SysAdmin (ITS III) Voice: (540)231-6370 Fax: (540)231-3928
Virginia Tech CNS, Blacksburg VA 24061-0506
More information about the unisog