<div dir="ltr">Packets to 224.0.0.1 are only for the local subnet and should not be forwarded. If they were sourced from the DoD, they should never have made it to your site. Also took a quick look at a route server, that network isn't in the global tables.<div>
<br></div><div>Occam's razor would suggest that it's a misconfiguration or some other crap on the network.</div><div><br></div><div>As an aside, I once had an RSA token server that had its config file corrupted. When we turned it on, it would spew packets at the DoD. After a brief panic, then a laugh, we figured out the problem and the DOS went away. Wondering if there's some pattern in the numbers.</div>
<div><br></div><div>Sean</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Feb 11, 2014 at 5:48 AM, Trevor Cordes <span dir="ltr"><<a href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Starting Feb 4 I've been receiving on my Shaw modem connection an IP<br>
protocol 2 (IGMP) packet to 224.0.0.1 (all hosts multicast) from<br>
22.34.128.1 (US DoD!!) every 1 minute on the dot. I've gotten over 10,000<br>
so far. My iptables DROPs them all, but I'm wondering WTF? Is something<br>
misconfigured on the net with the DoD or Shaw or am I being targeted by<br>
DoD for some reason?<br>
_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Sean Walberg <<a href="mailto:sean@ertw.com" target="_blank">sean@ertw.com</a>> <a href="http://ertw.com/" target="_blank">http://ertw.com/</a>
</div>