[nsp-sec] PIM messages from China...
Dave Mitchell
davem at yahoo-inc.com
Fri Feb 22 23:03:31 EST 2008
Out of curiosity, what are the ttl's on the packets?
-dave
On Sat, Feb 23, 2008 at 03:39:43AM +0000, David Freedman wrote:
> ----------- nsp-security Confidential --------
>
> Have been seeing PIM (proto 103) messages from 220.249.91.115 directed towards some of our colocation customers in the UK
>
> Hoping this just an attempt to exploit the old cisco "blocked" bug (http://www.cisco.com/en/US/products/products_security_advisory09186a00801a34c2.shtml) but would like to draw attention to it in case it is not and something nasty is going on.
>
> AS | IP | AS Name
> 4837 | 220.249.91.115 | CHINA169-BACKBONE CNCGROUP China169 Backbone
>
>
> Dave.
>
>
>
> ------------------------------------------------
> David Freedman
> Group Network Engineering
> Claranet Limited
> http://www.clara.net
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20080222/c87c6198/attachment-0001.sig>
More information about the nsp-security
mailing list