[nsp-sec] Odd packets from 255.127.0.0

Bill Owens owens at nysernet.org
Mon Oct 6 13:03:10 EDT 2014


On Mon, Oct 06, 2014 at 11:45:13AM -0400, Bill Owens wrote:
> ----------- nsp-security Confidential --------
> 
> I saw something like this a long time ago, when a defective port on a piece of Ethernet-over-SONET gear started resending frames with the link-layer headers intact, so the other equipment on the network interpreted them as IP headers. The fact that the captured packets don't have a valid IP header at all makes me think that something similar is happening, a bad piece of hardware someplace. 

Scratch that theory - these packets, or something very much like them, have been around for quite a while now:  http://www.cert.pl/news/4433/langswitch_lang/en

Bill.


