SANS ISC: Request for packets SANS ISC InfoSec Forums

Request for packets

One of our loyal readers, Jon, sent an e-mail this morning that he was seeing some unusual traffic.  In particular, he was seeing IP protocol 46 (RSVP) packets that were getting dropped by his external router sourced from 2 different IPs (which I may share later).  I've never seen RSVP traffic myself and Jon had never seen any either.  At this point, we don't know if this is some sort of reconnaissance or malformed/corrupted packets, but I figured we should see if anyone else is seeing this odd traffic and, if so, if you could grab some packets and send them to us (via the contact form).  As always, your assistance is greatly appreciated.

---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org

SEC508 in Columbus starting 10 Sep: http://www.sans.org/mentor/details.php?nid=19458

Jim

416 Posts
ISC Handler
Sep 7th 2009
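
For readers who do capture this traffic, checking each IP protocol 46 packet against the RSVP common header layout from RFC 2205 helps separate well-formed RSVP from malformed or corrupted packets. This is an added example, not part of the original diary; the function names, the sample packet and its documentation addresses are constructed for illustration.

```python
import struct

RSVP_PROTO = 46  # IP protocol number named in the post
# Message types from RFC 2205
MSG_TYPES = {1: "Path", 2: "Resv", 3: "PathErr", 4: "ResvErr",
             5: "PathTear", 6: "ResvTear", 7: "ResvConf"}

def inet_checksum(data: bytes) -> int:
    """Complemented one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def triage_rsvp(packet: bytes) -> dict:
    """Check a raw IPv4 packet for protocol 46 and a sane RSVP common header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"rsvp": False, "issues": ["not IPv4"]}
    if packet[9] != RSVP_PROTO:
        return {"rsvp": False, "issues": []}
    src = ".".join(map(str, packet[12:16]))
    ihl = (packet[0] & 0x0F) * 4
    msg = packet[ihl:]
    if ihl < 20 or len(msg) < 8:
        return {"rsvp": True, "src": src, "issues": ["truncated or bad header"]}
    vers_flags, mtype, cksum, ttl, _, length = struct.unpack("!BBHBBH", msg[:8])
    issues = []
    if vers_flags >> 4 != 1:
        issues.append("unexpected version")
    if mtype not in MSG_TYPES:
        issues.append("unknown message type")
    if length < 8 or length > len(msg):
        issues.append("bad length")
    elif cksum and inet_checksum(msg[:length]) != 0:  # zero = no checksum sent
        issues.append("bad checksum")
    return {"rsvp": True, "src": src, "type": MSG_TYPES.get(mtype),
            "send_ttl": ttl, "issues": issues}

def sample_packet(mtype: int = 1, corrupt: bool = False) -> bytes:
    """Constructed test packet (documentation addresses), not captured traffic."""
    body = b"\x00" * 8  # placeholder bytes, not a real RSVP object
    hdr = struct.pack("!BBHBBH", 0x10, mtype, 0, 64, 0, 8 + len(body))
    msg = hdr[:2] + struct.pack("!H", inet_checksum(hdr + body)) + hdr[4:] + body
    if corrupt:
        msg = msg[:-1] + b"\xff"  # flip the last byte to break the checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(msg), 0, 0, 64,
                     RSVP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + msg
```

The function takes the raw IP packet starting at the IPv4 header, so link-layer framing from a capture file has to be stripped first.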
