the subject says most of it: We had an attack with a large amount of ICMP packets. The new thing about the attack was the address they seem to appear from: 127.0.0.2. Note that this is no source address spoofing, they were not packets from 127.0.0.2 to some IP in our net but packets _from_ 127.0.0.2 _to_ some other address far away and not in our net. Looking for the way they have been generated I remembered that Ascend uses 127.0.0.2 as the address of the rj0 Interface. Does anyone know of ways to attack this interface, abuse it to generate bombastic amounts of ICMP traffic etc. ? Or do I have to search elsewhere (especially for a hacked machine or hacked profile) ? Thanks, Andre. -- Kanther-Line: PGP SSH IDEA MD5 GOST RIPE-MD160 3DES RSA FEAL32 RC4 +-o-+--------------------------------------------------------+-o-+ | o | \\\- Brain Inside -/// | o | | o | ^^^^^^^^^^^^^^ | o | | o | Andre' Beck (ABPSoft) beck@ibh-dd.de XLink PoP Dresden | o | +-o-+--------------------------------------------------------+-o-+ ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg11975.html">(ASCEND) 127.0.0.[2-xxx]</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg11973.html">Re: (ASCEND) Radius Authentication (fwd)</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg11973.html">Re: (ASCEND) Radius Authentication (fwd)</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg11976.html">Re: (ASCEND) Known attacks via 127.0.0.2 (rj0) ?</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="maillist.html#11974"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd289.html#11974"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>