These are Automatic private IP Addresses. The Class C 169.254.x.x
address space is set aside by IANA for private networks. These
addresses result from a "feature" in Windows that automatically assigns
an IP address if a DHCP server is not found on the network. I would
suspect that you've got a new Windows 98/ME machine on your network that
does not have TCP/IP configured correctly.
Sean
Jose Nazario wrote:
>
> hi all,
>
> i've been receiving a handful of UDP echo packets on an email server since
> december 1, consistently from the same IP address. so far it hasn't caused
> any performance problems (ie no floods), and they're being blocked. i'm at
> a loss, though, to figure out why this trickle of packets would be found.
> it does't make sense from a Firewalk point of view, as most sites block
> echo (both tcp and udp) on their borders. it doesn't make sense from the
> standpoint of detecting hosts, either, for that very reason. and the
> trickle seems like a very poorly done DDoS, which seems to rule that out
> (unless we assume super stupid attackers).
>
> any input would be welcome. these are the only connections i have from
> that IP (from xinetd logs):
>
> 00/12/1_at_10:44:08: FAIL: echo-dgram address from=169.254.97.28
<snip>
>
> ____________________________
> jose nazario jose_at_cwru.edu
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
--
~~~~~~~~~~~~~~~
Sean R. Brown - srbrown_at_appgeo.com
System Administrator Applied Geographics, Inc. Boston, MA
Received on Dec 12 2000
Intro
