On Apr 26, 2017, at 9:32 PM, Brian Kantor
<Brian(a)ucsd.edu> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
A few times a minute, a host claiming to be ke6jjj-8 (44.4.39.8)
is sending an encapped packet that is peculiar: it is either 40 or 44
bytes long, but the length field in the IP header is set to a varying but
very large packetsize (for example, 61,683 bytes) and the Don'tFragment
bit is set so the amprgw IP kernel sending routine can't break it up
into MTU-sized fragments - thus it gets a transmit failure and isn't
sent anywhere.
The inner source is always 44.4.39.8, but the destination varies a lot.
I'm completely puzzled by this: I don't know how any common operating
system would be generating such a packet.
I can see how a naive IP implementation might have a problem when
receiving a packet that is relatively small but claims to be large.
Does anyone know: is this a deliberate attempt to sabotage the destination
host?
- Brian
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net