[RndTbl] DoD multicast?

Sean Walberg sean at ertw.com
Tue Feb 11 07:38:29 CST 2014


Packets to 224.0.0.1 are only for the local subnet and should not be
forwarded. If they were sourced from the DoD, they should never have made
it to your site. Also took a quick look at a route server; that network
isn't in the global tables.

Occam's razor would suggest that it's a misconfiguration or some other crap
on the network.

As an aside, I once had an RSA token server that had its config file
corrupted. When we turned it on, it would spew packets at the DoD. After a
brief panic, then a laugh, we figured out the problem and the DoS went
away. Wondering if there's some pattern in the numbers.

Sean


On Tue, Feb 11, 2014 at 5:48 AM, Trevor Cordes <trevor at tecnopolis.ca> wrote:

> Starting Feb 4 I've been receiving on my Shaw modem connection an IP
> protocol 2 (IGMP) packet to 224.0.0.1 (all hosts multicast) from
> 22.34.128.1 (US DoD!!) every 1 minute on the dot.  I've gotten over 10,000
> so far.  My iptables DROPs them all, but I'm wondering WTF?  Is something
> misconfigured on the net with the DoD or Shaw or am I being targeted by
> DoD for some reason?



-- 
Sean Walberg <sean at ertw.com>    http://ertw.com/
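
The forwarding rule from the reply above, as an added example that is not part of the original thread: it parses a raw IPv4/IGMP packet and reports whether the destination is link-local multicast, in which case the sender should be on the local segment whatever source address it claims. The sample packet is constructed; its IGMP type, TTL and the `192.0.2.0/24` local subnet are assumptions, and only the two addresses come from the thread.

```python
import ipaddress
import struct

# 224.0.0.0/24 is the local network control block: routers do not forward it.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")
IGMP_TYPES = {0x11: "membership query", 0x12: "v1 report", 0x16: "v2 report",
              0x17: "leave group", 0x22: "v3 report"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 over data that carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_igmp(packet: bytes, local_net: str) -> dict:
    """Parse a raw IPv4 packet and say where an IGMP sender can be located."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 2 or ihl < 20 or total_len < ihl + 8 or len(packet) < total_len:
        raise ValueError("not a complete IGMP packet")
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    igmp = packet[ihl:total_len]
    on_link = dst in LINK_LOCAL_MCAST
    if on_link and src not in ipaddress.ip_network(local_net):
        verdict = "sender should be on the local segment; source address is foreign"
    elif on_link:
        verdict = "ordinary on-link IGMP"
    else:
        verdict = "routable multicast destination; sender may be remote"
    return {"src": str(src), "dst": str(dst), "ttl": packet[8],
            "type": IGMP_TYPES.get(igmp[0], hex(igmp[0])),
            "checksum_ok": inet_checksum(igmp) == 0,
            "on_link": on_link, "verdict": verdict}

def sample_packet() -> bytes:
    """Constructed IGMPv2 general query using the addresses from the thread."""
    igmp = struct.pack("!BBH4s", 0x11, 100, 0, bytes(4))
    igmp = igmp[:2] + struct.pack("!H", inet_checksum(igmp)) + igmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(igmp), 0, 0, 1, 2, 0,
                      bytes([22, 34, 128, 1]), bytes([224, 0, 0, 1]))
    return hdr + igmp  # IP header checksum left at 0; classification ignores it

if __name__ == "__main__":
    print(classify_igmp(sample_packet(), "192.0.2.0/24"))
```
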