Welcome to ISAserver.org
IP Protocol 14 traffic?
IP Protocol 14 traffic? - 21.Dec.2007 2:13:10 PM
dawnmwhite
Posts: 6
Joined: 22.May2003
Status: offline
We have an ISA2000 array (2 servers), working in cache-only mode on our network. Our network folks are analyzing some traffic around the proxies and keep seeing traffic from both servers on IP Protocol 14 (IANA lists it as emcon, but I can't find much other information on it) but from the packets, it appears to be cache-data, except it's not bound for the other array member, it's bound for an IP address similar to the other array member, except the second octet is different. For instance, the one server (165.226.204.46) is attempting to connect to 165.234.204.47 (where the other server is 165.226.204.47), and vice-versa. I can't find any reason for this, nor any record of that other IP address in our configuration anywhere and the only thing a Google search turned up was this article: http://www.informit.com/articles/article.aspx?p=169637&seqNum=2 which oddly includes that network in its example. Any thoughts? Thanks! Dawn
RE: IP Protocol 14 traffic? - 21.Dec.2007 7:32:37 PM
AHIT
Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
Hmm.. very little information indeed on Protocol 14. Most of the references I've found to EMCON are military type stuff! Perhaps you're being monitored by armed forces! <jokes> Hit arin.net and find out what you can about the IP address assignment. Wondering if perhaps it's a scheduled download of a site hence it looks like cache data? Check out your WEBDyyyymmdd.log's to see if you can find any reference to the IP address. Best O' luck!
_____________________________
http://www.ahit.com.au/isa (Previous nick: Tolk)
RE: IP Protocol 14 traffic? - 24.Dec.2007 9:58:51 AM
dawnmwhite
Posts: 6
Joined: 22.May2003
Status: offline
The IP Block is owned by the State of North Dakota (seems to be assigned to their school districts) and we have no scheduled content configured for downloading.... dawn
RE: IP Protocol 14 traffic? - 30.Dec.2007 7:57:52 PM
AHIT
Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
Additionally, within those logs each line should indicate who (via username or client IP address) is trying to access the content. This may be beneficial by visiting said client machine to see what it's doing! Perhaps an internal client is running some form of torrent application or tunneling app over that port/protocol???
_____________________________
http://www.ahit.com.au/isa (Previous nick: Tolk)
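
The log check suggested in the replies above (search the WEBDyyyymmdd.log files for the unexplained address, then see which client asked for it), as an added example that is not part of any post in this thread. It assumes the logs are in tab-delimited W3C extended format with a `#Fields:` directive and that the columns are named `c-ip`, `cs-username`, `r-ip`, `r-host` and `cs-uri`; the sample lines are constructed.

```python
import re
import sys
from collections import Counter

# Columns that can name the destination (assumed W3C field names).
DEST_COLUMNS = ("r-ip", "r-host", "cs-uri")

# Constructed sample lines, not real log data. Tab delimiting is assumed.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: c-ip\tcs-username\tdate\ttime\tr-host\tr-ip\tcs-uri",
    "10.0.0.21\tanonymous\t2007-12-20\t09:14:02\twww.example.com\t192.0.2.10\thttp://www.example.com/",
    "10.0.0.37\tCORP\\jdoe\t2007-12-20\t09:15:40\t165.234.204.47\t165.234.204.47\thttp://165.234.204.47/",
    "10.0.0.37\tCORP\\jdoe\t2007-12-20\t09:15:41\t-\t165.234.204.47\thttp://165.234.204.47/a",
    "#Fields: date\ttime\tc-ip\tcs-username\tcs-uri",   # column layout changed
    "2007-12-20\t10:01:00\t10.0.0.52\t-\thttp://165.234.204.47:8080/x",
])

def find_requests(lines, target_ip):
    """Yield one dict per log record whose destination references target_ip."""
    # Digit/dot guards stop 165.234.204.4 from matching inside 165.234.204.47.
    pattern = re.compile(r"(?<![\d.])" + re.escape(target_ip) + r"(?!\d)")
    fields = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()   # trust the file's own header
            continue
        if not line or line.startswith("#") or not fields:
            continue                                  # other directives, blanks
        record = dict(zip(fields, line.split("\t")))
        if any(pattern.search(record.get(col, "")) for col in DEST_COLUMNS):
            yield record

def summarize(records):
    """Count matching requests per (client IP, username)."""
    return Counter((r.get("c-ip", "?"), r.get("cs-username", "?")) for r in records)

def read_files(paths):
    """Stream lines from each log file; undecodable bytes are replaced."""
    for path in paths:
        with open(path, errors="replace") as fh:
            yield from fh

if __name__ == "__main__":
    target = "165.234.204.47"  # the unexplained destination from the thread
    source = read_files(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for (client, user), hits in summarize(find_requests(source, target)).most_common():
        print(f"{client}\t{user}\t{hits} request(s) referencing {target}")
```

Pass one or more log files as arguments to scan them instead of the sample. No matches means no logged web request named that address, so the traffic would have to come from something other than a proxied client request.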