[nsp] 127.0.0.0/8 unroutable?
Gert Doering
gert at greenie.muc.de
Tue Nov 11 16:05:04 EST 2003
Hi,
On Tue, Nov 11, 2003 at 09:54:45PM +0100, sthaug at nethelp.no wrote:
> > There's some backing to it, though. Either the host or router
> > requirements RFC (forgot which one) states absolutely clearly that
> > these addresses MUST NOT appear on the wire.
>
> Yeah, I guess that's why I'm seeing lots of this right now :-)
>
> 21:53:30.778020 127.0.0.1.80 > 195.18.131.181.1534: R 0:0(0) ack 1059717121 win 0
> 21:53:30.782388 127.0.0.1.80 > 213.239.108.197.1146: R 0:0(0) ack 1757937665 win 0
Don't tell me about it...
Nov 9 21:24:48 cisco1 73286: %SEC-6-IPACCESSLOGP: list 110 denied tcp 127.0.0.1(80) (FastEthernet0/0 0005.9af9.b008) -> 80.81.193.105(1159), 1 packet
Nov 9 21:33:06 cisco2 55379: %SEC-6-IPACCESSLOGP: list 110 denied tcp 127.0.0.1(80) (FastEthernet0/0 0090.69b1.7c1f) -> 80.81.192.105(1604), 1 packet
Nov 9 21:47:12 cisco1 73332: %SEC-6-IPACCESSLOGP: list 110 denied tcp 127.0.0.1(80) (FastEthernet0/0 0090.69b1.7c1f) -> 80.81.193.105(1334), 1 packet
(this is 12.2S, which seems to log these packets in a perfectly normal
fashion - the weird ACL logging was in 12.0 or so).
I'm not sure which kind of virus/worm/garbage software is creating these
packets, but it's always an experience to talk to your peers/upstream and
have them filter these packets...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list