Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Lode sent in some unusual traffic he is seeing from one of his servers. The traffic is Protocol 0 (IPv6 Hop by Hop), originates from a Loopback address and is destined to 108.22.0.0, which is a reserved address.

13:02:52.012656 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.181 108.122.0.0: ip 0

13:02:52.012699 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.25 108.122.0.0: ip 0

13:02:52.012743 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.96 108.122.0.0: ip 0

13:02:52.012788 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.187 108.122.0.0: ip 0

Some searching shows references to this traffic from Solaris systems dating back to at least 2002, but I couldn’t find any concrete solutions. One reference suggests this traffic might be related to a rootkit.

Anybody who knows anything about this traffic and can provide insight please contact me via our contact page.

Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Leave a Reply Cancel reply

Recent Posts

Categories

Archives

Calendar

Pages

Meta

April 2020
M	T	W	T	F	S	S
« Jul
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30