Network Security Incidents

Re: Bizarre traffic

Subject: Re: Bizarre traffic
Date: Sat, 11 Feb 2006 00:15:24 -0500
With it corresponding to network disruptions, similar IPs on your net
and conversations looking normal otherwise, have you considered it a
router/switch corrupting packets?  Or even a bad NIC in a machine?

-B

On 2/9/06, David Gillett <gillettdavid@fhda.edu> wrote:
  Does anybody know of anything (malware, hackware, other?) that
would cause a machine to put out traffic with the first octet of
the destination address (re)set to ZERO?

  The traffic I saw all was headed for port 443, and wasn't
decipherable.  The variation in packet size looked like a real
conversation, although return packets (if any) weren't passing
my sniffer.  The destination addresses, sans the bogus first octet,
looked like addresses of a couple of real internal servers (source
address was internal) -- which, however, do not have HTTPS service
active.

  [This traffic correlated with various intermittent disruptions of
our network, which stopped when the source machine dropped off the
network.  It later reappeared -- and so did a brief disruption --
long enough for me to pinpoint and ban it.]

David Gillett
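
A triage check for captures like the one described in this thread, added here as an example and not part of the original posts: it flags IPv4 headers whose destination falls in 0.0.0.0/8 and uses the header checksum to separate headers emitted that way from ones altered afterwards, the corruption case the reply raises. The sample headers, addresses and function names are constructed for illustration, and the "candidate" address assumes the intended target shares the source's first octet.

```python
import ipaddress
import struct

ZERO_NET = ipaddress.ip_network("0.0.0.0/8")  # "this network": not a routable destination


def fold_sum(data: bytes) -> int:
    """16-bit ones'-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ~fold_sum(hdr) & 0xFFFF) + hdr[12:]


def triage(header: bytes):
    """Return None for an ordinary destination, else details of the anomaly."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    if ihl < 20 or header[0] >> 4 != 4 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    src = ipaddress.ip_address(header[12:16])
    dst = ipaddress.ip_address(header[16:20])
    if dst not in ZERO_NET:
        return None
    # Heuristic: an intact checksum means the header left the sender (or a hop
    # that recomputed it) in this state; a bad one means a later modification.
    intact = fold_sum(header[:ihl]) == 0xFFFF
    return {
        "src": str(src),
        "dst": str(dst),
        # Assumption: the real target shares the source's first octet.
        "candidate": str(ipaddress.ip_address(src.packed[:1] + dst.packed[1:])),
        "checksum_ok": intact,
    }


# Constructed samples (RFC 1918 addresses, not taken from the thread).
normal = build_header("10.1.2.3", "10.1.9.20")
sent_zeroed = build_header("10.1.2.3", "0.1.9.20")
hit_in_transit = normal[:16] + b"\x00" + normal[17:]  # octet cleared after checksum

if __name__ == "__main__":
    for name, pkt in [("normal", normal), ("sent_zeroed", sent_zeroed),
                      ("hit_in_transit", hit_in_transit)]:
        print(name, triage(pkt))
```

A capture taken on the sender's own host can show bad checksums for every outbound packet when checksum offload is enabled, so run this against traffic seen on the wire.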



