Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Lode sent in some unusual traffic he is seeing from one of his servers. The traffic is Protocol 0 (IPv6 Hop by Hop), originates from a Loopback address and is destined to 108.22.0.0, which is a reserved address.

13:02:52.012656 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.181 > 108.122.0.0: ip 0

13:02:52.012699 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.25 > 108.122.0.0: ip 0

13:02:52.012743 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.96 > 108.122.0.0: ip 0

13:02:52.012788 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.187 > 108.122.0.0: ip 0

Some searching shows references to this traffic from Solaris systems dating back to at least 2002, but I couldn’t find any concrete solutions. One reference suggests this traffic might be related to a rootkit.

Anybody who knows anything about this traffic and can provide insight please contact me via our contact page.
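To look for the same pattern in your own captures, the sketch below (an added example, not part of the original diary) parses verbose tcpdump lines in the format shown above and flags the traits visible in Lode's traffic: loopback source with a non-loopback destination, IP protocol 0, a 20-byte header-only packet, and one IP ID shared by several source addresses. The function name, the flag labels, the caller-supplied bogon list and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the verbose tcpdump IPv4 lines shown in the post; ">" is optional
# because some copies of the capture lost it. A trailing ".port" is skipped.
LINE = re.compile(
    r"id (?P<id>\d+),.*?proto:? \S+ \((?P<proto>\d+)\), length:? (?P<len>\d+)\)\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?:\.\d+)?\s+(?:>\s+)?(?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?:"
)

def analyze(lines, bogons=()):
    """Return (per-packet findings, IP IDs reused across several sources)."""
    nets = [ipaddress.ip_network(b) for b in bogons]
    findings, id_sources = [], defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst = (ipaddress.ip_address(m[k]) for k in ("src", "dst"))
        flags = []
        if src.is_loopback and not dst.is_loopback:
            flags.append("loopback-src-to-external")
        if any(dst in n for n in nets):
            flags.append("bogon-dst")
        if int(m["proto"]) == 0:
            flags.append("ip-proto-0")
        if int(m["len"]) == 20:
            flags.append("header-only")  # 20-byte total length: no payload
        id_sources[int(m["id"])].add(src)
        if flags:
            findings.append((str(src), str(dst), flags))
    reused = {i: len(s) for i, s in id_sources.items() if len(s) > 1}
    return findings, reused

# Constructed sample: two lines in the page's format plus one ordinary TCP packet.
SAMPLE = [
    "13:02:52.012656 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.181 > 108.122.0.0: ip 0",
    "13:02:52.012699 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.25 > 108.122.0.0: ip 0",
    "13:02:53.100000 IP (tos 0x0, ttl 64, id 4242, offset 0, flags [DF], proto: TCP (6), length: 60) 192.0.2.10.51514 > 192.0.2.20.22: S 1:1(0) win 5840",
]

if __name__ == "__main__":
    # Assumption: 108.122.0.0/16 is passed as a bogon only because the post calls the destination reserved.
    found, reused = analyze(SAMPLE, bogons=["108.122.0.0/16"])
    for src, dst, flags in found:
        print(src, "->", dst, ",".join(flags))
    print("IP IDs shared by multiple sources:", reused)
```

Pass a current bogon prefix list as `bogons`; without one, the other three per-packet checks still apply.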
