Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Fragmented UDP and Multicast Addresses
From: "Chris Martin" <chris () mainstreethost com>
Date: Tue, 15 Nov 2005 14:29:09 -0500
Hello list,
Today at work we found some very strange behavior on one of our servers.
This machine was spitting out several thousand fragmented UDP packets to
an IP multicast address.
The rate of packet sending was quite high, using ethereal for about 10
minutes showed that of approximately 75,000 packets, almost 70,000 of
them where these fragmented UDP packets.  They were being sent to a
239.192.*.* which according to RFC 3171 is an Administratively Scoped
Block of IPv4 Multicast.

This really has us scratching our heads.  I was wondering if anyone here
had seen this kind of behavior before, or had any ideas as to what it
could possibly be?

Thanks,
Christopher S Martin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]