North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: 18.104.22.168 -- Harmless mis-route or potential exploit?
On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:
While recently trying to debug a CEF issue, I found a good number of packets in my "debug cef drops" output that were all directed at 22.214.171.124 (which I see as being allocated to ep.net but completely unused).
As Steve Conte pointed out, that is the address that used to be used for l.root-servers.net. l.root-servers.net was renumbered almost a year ago, with the announcement of the old address turned off about 6 months ago.
So the question is, should I just ignore this as a properly dropped packet due to "no route" (this provider is running defaultless, so unless such a route exists, it should be okay).
Packets being sent to 126.96.36.199 most likely come from DNS caching servers that haven't had their hints updated. In the ideal world, you could hunt down those machines and kick 'em in the head (that is, install a new hints file). That they're unrouted is definitely the way things should be.