[ale] Weird TCP dump

Michael D. Hirsch mhirsch at nubridges.com
Mon Sep 29 16:35:19 EDT 2003


anyone recognize this?  I'm getting really weird tcpdump logs from a box.  
I've put a representative sample below.  Why are things being sent on 
loopback with unusual addresses?  What is ip-proto-0?  Have I been hacked?

Thanks,

--Michael

15:58:43.165620 127.0.0.197 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.165761 127.0.0.112 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.165903 127.0.0.159 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166043 127.0.0.31 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166185 127.0.0.166 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166326 127.0.0.89 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166468 127.0.0.15 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 



More information about the Ale mailing list