[nsp-sec] Odd packets from 255.127.0.0
Schiel, John
John.Schiel at twtelecom.com
Mon Oct 6 13:20:02 EDT 2014
> -----Original Message-----
> From: nsp-security [mailto:nsp-security-bounces at puck.nether.net] On Behalf
> Of Bill Owens
> Sent: Monday, October 06, 2014 11:03 AM
> To: nsp-security NSP
> Subject: Re: [nsp-sec] Odd packets from 255.127.0.0
>
> ----------- nsp-security Confidential --------
>
> On Mon, Oct 06, 2014 at 11:45:13AM -0400, Bill Owens wrote:
> > ----------- nsp-security Confidential --------
> >
> > I saw something like this a long time ago, when a defective port on a piece
> of Ethernet-over-SONET gear started resending frames with the link-layer
> headers intact, so the other equipment on the network interpreted them as IP
> headers. The fact that the captured packets don't have a valid IP header at all
> makes me think that something similar is happening, a bad piece of hardware
> someplace.
>
> Scratch that theory - these packets, or something very much like them, have
> been around for quite a while now:
> http://www.cert.pl/news/4433/langswitch_lang/en
Good find.
Had to run that page through translate.google.com but this does match what the traffic is showing. I happened to notice the *payload* they are talking about in this post too.
--John
>
> Bill.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-
> measures.
> _______________________________________________
-------------
The content contained in this electronic message is not intended to constitute formation of a contract binding tw telecom. tw telecom will be contractually bound only upon execution, by an authorized officer, of a contract including agreed terms and conditions or by express application of its tariffs. This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail or by telephone.
More information about the nsp-security
mailing list