At the moment, I receive a continuous stream of packets like this:
Frame 1: 118 bytes on wire (944 bits), 118 bytes captured (944 bits)
Arrival Time: Feb 22, 2012 18:05:47.069526000 CET
Epoch Time: 1329930347.069526000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 118 bytes (944 bits)
Capture Length: 118 bytes (944 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:ip:data]
Ethernet II, Src: ThomsonT_1e:e4:ca (00:14:7f:1e:e4:ca), Dst: AsustekC_b4:b4:6d (00:1d:60:b4:b4:6d)
Destination: AsustekC_b4:b4:6d (00:1d:60:b4:b4:6d)
Address: AsustekC_b4:b4:6d (00:1d:60:b4:b4:6d)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: ThomsonT_1e:e4:ca (00:14:7f:1e:e4:ca)
Address: ThomsonT_1e:e4:ca (00:14:7f:1e:e4:ca)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 169.228.66.251 (169.228.66.251), Dst: 80.101.113.129 (80.101.113.129)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 104
Identification: 0x1924 (6436)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: IPIP (4)
Header checksum: 0xc1a8 [correct]
[Good: True]
[Bad: False]
Source: 169.228.66.251 (169.228.66.251)
Destination: 80.101.113.129 (80.101.113.129)
Internet Protocol, Src: 76.114.219.34 (76.114.219.34), Dst: 169.228.66.251 (169.228.66.251)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 21504
Identification: 0x0000 (0)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 512
Time to live: 43
Protocol: IPIP (4)
Header checksum: 0x3b1e [incorrect, should be 0x2746]
[Good: False]
[Bad: True]
[Expert Info (Error/Checksum): Bad checksum]
[Message: Bad checksum]
[Severity level: Error]
[Group: Checksum]
Source: 76.114.219.34 (76.114.219.34)
Destination: 169.228.66.251 (169.228.66.251)
Data (64 bytes)
0000 45 00 00 54 00 00 40 00 3e 01 8e 79 2c 3c 2c 0a E..T..@.>..y,<,.
0010 2c 89 29 61 08 00 3d 1d 27 45 41 f6 70 20 45 4f ,.)a..=.'EA.p EO
0020 af 34 02 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 .4..............
0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"#
Data: 45000054000040003e018e792c3c2c0a2c89296108003d1d...
[Length: 64]

It appears to be an IPIP packet from the gateway, which then contains another IPIP packet
sent by 76.114.219.34 to the gateway, which again has another IPIP packet that my trace
tool no longer shows.

I don't understand why the gateway delivers these packets to me.

As it looks like 76.114.219.34 is indeed a valid gateway in the system, I assume a
misconfiguration rather than malice for now.

But probably it would be better if amprgw just rejected all IPIP traffic that includes
another layer of IPIP within it.

Rob
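
An added example, not part of the original message or of amprgw: one way to detect the double encapsulation described above is to walk the stacked IPv4 headers, verify each header checksum, and count how many layers carry protocol 4. The function names are hypothetical, the sample bytes are reassembled from the header fields and hex dump in the capture, and ignoring the fragment offset while walking is an assumption of this sketch.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4
# Constructed input: the IP part of frame 1, reassembled from the header
# fields and the 64-byte hex dump shown in the capture above (104 bytes).
FRAME1_IP = bytes.fromhex(
    "45000068192400003104c1a8a9e442fb50657181"  # 169.228.66.251 -> 80.101.113.129
    "45005400000000402b043b1e4c72db22a9e442fb"  # 76.114.219.34 -> 169.228.66.251
    "45000054000040003e018e792c3c2c0a"          # Data, dump row 0000
    "2c89296108003d1d274541f67020454f"          # dump row 0010
    "af34020008090a0b0c0d0e0f10111213"          # dump row 0020
    "1415161718191a1b1c1d1e1f20212223"          # dump row 0030
)

def checksum_ok(header: bytes) -> bool:
    """A header with a valid checksum sums (one's complement) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def walk_layers(packet: bytes):
    """Return one dict per stacked IPv4 header, following protocol 4 (IPIP)."""
    layers, offset = [], 0
    while len(packet) - offset >= 20 and packet[offset] >> 4 == 4:
        ihl = (packet[offset] & 0x0F) * 4
        if ihl < 20 or offset + ihl > len(packet):
            break  # malformed or truncated header: stop instead of guessing
        header = packet[offset:offset + ihl]
        layers.append({
            "src": str(IPv4Address(header[12:16])),
            "dst": str(IPv4Address(header[16:20])),
            "proto": header[9],
            "total_length": struct.unpack("!H", header[2:4])[0],
            "checksum_ok": checksum_ok(header),
        })
        if header[9] != IPPROTO_IPIP:
            break  # innermost payload is not another tunnel
        offset += ihl
    return layers

def nested_ipip(packet: bytes) -> bool:
    """True when an IPIP payload is itself IPIP (more than one protocol-4 layer)."""
    return sum(1 for l in walk_layers(packet) if l["proto"] == IPPROTO_IPIP) > 1
```

On the reassembled frame this reports three stacked headers, with only the middle one failing its checksum, and flags the packet as nested IPIP.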