HP3000-L Archives

November 2002, Week 3

HP3000-L@RAVEN.UTC.EDU

From:
Jeff Kell <[log in to unmask]>
Reply To:
Jeff Kell <[log in to unmask]>
Date:
Wed, 20 Nov 2002 15:52:19 -0500
Eric Sand - STL wrote:
>
> Hi Folks,
>     This morning I received a call from one of our network people in the
> main office, where we had just re-installed our 918 from Monterey, and he
> said a virus had compromised the box and was transmitting ICMP packets to
> various addresses, some belonging to our customers and others seemingly
> random. I doubted this was happening, but he said he was positive the
> packets emanated from the HP3000. He also said they were encapsulated in a
> "SWIPE" protocol that predates IPSEC and that they were encapsulated PING
> packets.

It is incredibly difficult to get the 3000 to send a ping on purpose;
I seriously doubt that it is "pinging" in an ICMP sense of the word.

"SWIPE" is incredibly unlikely for the 3000 as well.

I suspect they may be seeing 802.10 encapsulation (check to see if you
have ethernet enabled in NMMGR) or perhaps the AFCP protocol used by
DTCs (if you have any of them around).

Again, it takes an act of Congress, the will of God, and a handful of
CSY engineers to get anything done below the 3000's TCP layer 3.

Jeff
