[ale] Weird TCP dump
Michael D. Hirsch
mhirsch at nubridges.com
Mon Sep 29 16:35:19 EDT 2003
Anyone recognize this? I'm getting really weird tcpdump logs from a box.
I've put a representative sample below. Why are things being sent on
loopback with unusual addresses? What is ip-proto-0? Have I been hacked?
Thanks,
--Michael
15:58:43.165620 127.0.0.197 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]
15:58:43.165761 127.0.0.112 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]
15:58:43.165903 127.0.0.159 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]
15:58:43.166043 127.0.0.31 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]
15:58:43.166185 127.0.0.166 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]
15:58:43.166326 127.0.0.89 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]
15:58:43.166468 127.0.0.15 > 108.122.0.0: ip-proto-0 0 (DF) [tos 0x7,ECT,CE]