Network Security: Detailed info on Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only

from [Roland Dobbins] Network Security

[Permanent Link]

Subject:	Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
Date:	Mon, 10 Apr 2006 14:37:54 -0700


On Apr 9, 2006, at 9:29 PM, Valdis.Kletnieks@vt.edu wrote:

The usual cause for this is a busticated NIC - in years gone by, similar things were caused by "jabbering" transceivers that would start transmitting their packet sooner than the spec allowed, resulting in the first few bytes being dropped, or noise bytes being added...

There's an outside chance that there's a packet-crafting program with an off-by-one error, but I've seen this caused more often by broken hardware.

Good point - this is where an analysis of the traffic would be helpful, to see if there appear to be 'conversations' taking place or if it's just random garbage (I suspect the latter as you indicate, but that's purely speculative without data).

----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

     Everything has been said.  But nobody listens.

                   -- Roger Shattuck

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Bogon IPs traffic only seen by netflow, confined within a VLAN only, Stef Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Roland Dobbins Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Valdis . Kletnieks Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Roland Dobbins <= Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Stef Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Roland Dobbins Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, AJ Cochenour Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, stcroix111 Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, tsteeves RE: Bogon IPs traffic only seen by netflow, confined within a VLAN only, David Gillett Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Lupe Christoph

Previous by Date:	Re: DOD Inside, Frank Knobbe
Next by Date:	RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Pierre, Jean-Raymond
Previous by Thread:	Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Valdis . Kletnieks
Next by Thread:	Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Stef
Indexes:	[Date] [Thread] [Top] [All Lists]