[nsp] 127.0.0.0/8 unroutable?

Gert Doering gert at greenie.muc.de
Tue Nov 11 16:05:04 EST 2003


Hi,

On Tue, Nov 11, 2003 at 09:54:45PM +0100, sthaug at nethelp.no wrote:
> > There's some backing to it, though.  Either the host or router
> > requirements RFC (forgot which one) states absolutely clearly that 
> > these addresses MUST NOT appear on the wire.
> 
> Yeah, I guess that's why I'm seeing lots of this right now :-)
> 
> 21:53:30.778020 127.0.0.1.80 > 195.18.131.181.1534: R 0:0(0) ack 1059717121 win 0
> 21:53:30.782388 127.0.0.1.80 > 213.239.108.197.1146: R 0:0(0) ack 1757937665 win 0

Don't tell me about it...

Nov  9 21:24:48 cisco1 73286: %SEC-6-IPACCESSLOGP: list 110 denied tcp 127.0.0.1(80) (FastEthernet0/0 0005.9af9.b008) -> 80.81.193.105(1159), 1 packet
Nov  9 21:33:06 cisco2 55379: %SEC-6-IPACCESSLOGP: list 110 denied tcp 127.0.0.1(80) (FastEthernet0/0 0090.69b1.7c1f) -> 80.81.192.105(1604), 1 packet
Nov  9 21:47:12 cisco1 73332: %SEC-6-IPACCESSLOGP: list 110 denied tcp 127.0.0.1(80) (FastEthernet0/0 0090.69b1.7c1f) -> 80.81.193.105(1334), 1 packet

(this is 12.2S, which seems to log these packets in a perfectly normal
fashion - the weird ACL logging was in 12.0 or so).

I'm not sure which kind of virus/worm/garbage software is creating these
packets, but it's always an experience to talk to your peers/upstream and
have them filter these packets...

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de


More information about the cisco-nsp mailing list