All things related to multicast

I think it would be helpful to know if this was a compromised machine, 
and if the suspect code was a previously known classD address scanner - or 
something entirely new.

Thanks,
Greg

On Tue, 30 Dec 2003, John Barlow wrote:

> 
> 
> Bill Owens writes:
> > On Fri, Dec 19, 2003 at 04:40:59PM -0500, Marshall Eubanks wrote:
> > > Still pretty much continual msdp storms from Australia :
> > > 
> > > Thu Dec 18 18:12:40 2003 MSDP_Unique_Entries 9612 
> > > Fri Dec 19 00:12:40 2003 MSDP_Unique_Entries 10038 
> > > Fri Dec 19 06:12:41 2003 MSDP_Unique_Entries 9982 
> > > Fri Dec 19 12:12:40 2003 MSDP_Unique_Entries 10356 
> > 
> > Just curious, this has obviously been stopped in the last 10 
> > days but I never heard what the cause was. Was there a report 
> > from the site?
> 
> No analysis as such.
> 
> The host causing the problems is in the University of Queensland.  The
> host was not "owned" by the central networking group, so they simply
> added an access-list to block all packets from the host, and last we
> heard they were going to chase down the hosts owners to see how it had
> been compromised (at this stage we assume it was compromised in some
> way).
> 
> Do you want a report chased down ?
> 
> 
> John Barlow
> 
>