One of our loyal readers, Jon, sent an e-mail this morning that he was seeing some unusual traffic. In particular, he was seeing IP protocol 46 (RSVP) packets that were getting dropped by his external router sourced from 2 different IPs (which I may share later). I've never seen RSVP traffic myself and Jon had never seen any either. At this point, we don't know if this is some sort of reconnaissance or malformed/corrupted packets, but I figured we should see if anyone else is seeing this odd traffic and, if so, if you could grab some packets and send them to us (via the contact form). As always, your assistance is greatly appreciated.
SEC508 in Columbus starting 10 Sep: http://www.sans.org/mentor/details.php?nid=19458I will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019
Sep 7th 2009
9 years ago