Re: [44net] Security - Nested IPIP

Scott, The netflow printouts are from NfSen: http://nfsen.sourceforge.net/ The running traffic is tcpdump: https://linux.die.net/man/8/tcpdump If you provide the approximate date/time of your search, I'll look it up - but my firewall should have treated your traffic with all non-AMPR DROP rules applicable...and (obviously) the Header 0 would have come from AMPRGW...unless you were spoofing IPIP packets and that device's IP is also your registered GW? And your test shows that some operators need to work on their firewall sets - especially after the sale. And I do not believe your described traffic is related to this. 73, - Lynwood KB3VWG