Active ipv6 'mapping' project ?
Jeroen Massar
jeroen at unfix.org
Wed Jul 27 22:29:10 CEST 2011
On 2011-07-27 22:18 , Brandon Applegate wrote:
> Just poking around in my home firewall logs. I have a tunnel to one of
> my data centers giving the house ipv6. I noticed a steady flow of icmp
> echo requests with the destination address being my firewall itself.
> This pattern is steady (not a flood, but it is constant). They are all
> 64 byte packets with the payload being the typical walk through ASCII.
>
> A sample of the source addresses are here:
>
> http://pastebin.com/X9FwBtkE
>
> That's from ~ 1000 packets sample. A good amount of these come back as
> Akamai.
>
> Anyone know what this is ? Thanks.
As the sources are mostly in backbone networks have you thought about
somebody running an 'mtr' which does a per-hop ICMP request continuesly?
But those would be echo responses on your side then not requests.
The "walk through ASCII" sounds like a normal ping at least and could
quite well be either fping or mtr too.
If you can provide a packet dump of at least one of these packets
(scrubbing src/dst if you want) that would help.
One big question of course is if your 'dst' address (the 'firewall') is
published anywhere or not.
Greets,
Jeroen
More information about the ipv6-ops
mailing list