fallonsupport
asked on
Traffic causing network problems
We have twice in the past week seen this traffic that appears to be coming from outside our network at first glance to one of our DSL customers.
9 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.199174 HTTPS Src= 443,Dst= 2198
10 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.214186 HTTPS Src= 443,Dst= 2198
11 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.244356 HTTPS Src= 443,Dst= 2198
12 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.256164 HTTPS Src= 443,Dst= 2198
13 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.268733 HTTPS Src= 443,Dst= 2198
While this traffic is present, other customers on this network can no longer access the Internet, nor can they renew or receive an IP address from our DHCP server.
The 66 address resolves to marketscore.com. Anyone seen this before? One item that comes to mind is that I placed an ACL in our edge router to block all traffic from this particular address with no results. That makes me think the traffic may not have been actually coming from outside. It's currently not happening but if it does again I'll be better able to identify if it is in fact coming from outside.
Is there any traffic the other direction? It would seem that this traffic is return traffic since it's SSL to a high-numbered port. Or... it's spoofed traffic that's causing your customer a DoS because it doesn't know what to do with these packets?
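An added example, not part of the original thread: one way to run the check suggested in the answer over capture summary lines in the format quoted in the question, listing flows that have no packets in the reverse direction. The function names are hypothetical, and the lines numbered 20-23 (documentation addresses 192.0.2.10 and 198.51.100.7) are constructed sample data.

```python
import re
from collections import defaultdict

# Capture summary format quoted in the question:
# no, IP-src, IP-dst, size, hh:mm:ss.us, protocol, "Src= port,Dst= port"
LINE = re.compile(r"^\s*\d+\s+IP-(\S+)\s+IP-(\S+)\s+\d+\s+(\d+):(\d+):([\d.]+)"
                  r"\s+\S+\s+Src=\s*(\d+),Dst=\s*(\d+)")

# Lines 9-13 are from the question; lines 20-23 are constructed sample data.
SAMPLE = """\
9 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.199174 HTTPS Src= 443,Dst= 2198
10 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.214186 HTTPS Src= 443,Dst= 2198
11 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.244356 HTTPS Src= 443,Dst= 2198
12 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.256164 HTTPS Src= 443,Dst= 2198
13 IP-66.119.33.206 IP-172.16.7.248 64 19:04:26.268733 HTTPS Src= 443,Dst= 2198
20 IP-192.0.2.10 IP-198.51.100.7 64 19:04:27.000000 HTTPS Src= 3301,Dst= 443
21 IP-198.51.100.7 IP-192.0.2.10 64 19:04:27.050000 HTTPS Src= 443,Dst= 3301
22 IP-192.0.2.10 IP-198.51.100.7 64 19:04:27.060000 HTTPS Src= 3301,Dst= 443
23 IP-198.51.100.7 IP-192.0.2.10 64 19:04:27.110000 HTTPS Src= 443,Dst= 3301
"""

def parse(text):
    """Yield (src, sport, dst, dport, seconds_since_midnight) per matching line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skip anything that is not a capture summary line
            src, dst, hh, mm, ss, sport, dport = m.groups()
            yield (src, int(sport), dst, int(dport),
                   int(hh) * 3600 + int(mm) * 60 + float(ss))

def one_way_flows(text):
    """Return {flow: (packets, seconds_spanned)} for flows never answered."""
    times = defaultdict(list)
    for src, sport, dst, dport, t in parse(text):
        times[(src, sport, dst, dport)].append(t)
    result = {}
    for (src, sport, dst, dport), ts in times.items():
        # A normal session shows packets in both directions of the 4-tuple.
        if (dst, dport, src, sport) not in times:
            result[(src, sport, dst, dport)] = (len(ts), max(ts) - min(ts))
    return result

if __name__ == "__main__":
    for flow, (count, span) in one_way_flows(SAMPLE).items():
        print(flow, f"{count} packets in {span:.6f}s, no reverse traffic seen")
```

A one-way result only reflects what the capture point saw, so a capture taken on both sides of the customer's link is needed before treating the flow as unsolicited.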