Security Incidents mailing list archives
Christmas Eve packet
From: Andrew Hallberg <hallberg () GLOBALCENTER NET>
Date: Wed, 20 Dec 2000 11:15:03 -0500
This was in the morning logs, nestled amongst dozens of NetBIOS Scans: src=255.186.255.232 dst=255.187.255.240 service=IP protocol 0 policy=13345 action=Deny duration=1008443392 start_time="2000-12-24 05:43:00" This get more odd the more I look at it. The firewall this came off of has real IP's, so the 255 addys are really wierd. The Netscreen has never listed a "Protocol 0", there are only 30 policies on the FW, and I know for a fact that it hasn't been up for 32 years. ;) Also the date is off. The FW has the correct date setting, so it shouldn't be reporting something for next week. Is this a known Netscreen 100 issue, or is it a malformed packet that slipped thru the cracks? And if so, could someone give me a clue as to where this would come from? Andrew Hallberg Security TAM Globalcenter, Inc.
Current thread:
- Christmas Eve packet Andrew Hallberg (Dec 20)