Greetings;
On Sat, 2020-03-14 at 03:06 +0000, lleachii--- via 44Net wrote:
The following are RAW firewall hits indicating nested IPIP in IPIP packets.
44net (at least a majority of it in the western hemosphere) have been under a brute force attack all week. Before we typically might not have noticed such because BK would head em off at the pass in San Diego however now that luxury no longer exists.
I run a firewall that only allows IPIP from all of you (and rules that only allows the AMPRGW routes and my destination IPs); but since this is a RAW rule - it implies nothing of any operator. I have not reviewed my Netflow records; but please be vigilant of this traffic. I warned of this issue in the "ancient" 44 mailing archives.
You may wish to repost your firewall rules.
73 ::and elbow bump::,
73 - from 3 feet distance