One of our loyal readers, Jon, sent an e-mail this morning that he was seeing some unusual traffic. In particular, he was seeing IP protocol 46 (RSVP) packets that were getting dropped by his external router sourced from 2 different IPs (which I may share later). I've never seen RSVP traffic myself and Jon had never seen any either. At this point, we don't know if this is some sort of reconnaissance or malformed/corrupted packets, but I figured we should see if anyone else is seeing this odd traffic and, if so, if you could grab some packets and send them to us (via the contact form). As always, your assistance is greatly appreciated. --------------- SEC508 in Columbus starting 10 Sep: http://www.sans.org/mentor/details.php?nid=19458 I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022 |
Jim 423 Posts ISC Handler Sep 7th 2009 |
Thread locked Subscribe |
Sep 7th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!