Greets
OBSD 3.4 Generic release firewall. Running just fine until last night.
I have come across 18,744 identical packets when viewing
the logs after an outage over night.
The last packet before the outage is a very normal and
known source ICMP packet with a timestamp of 5:29:29.699563
The next packet and for the next 30 seconds for a total of 18744 packets
this is what was logged.
Using Ethereal
---------------
(top window)
23044 17:00:00.000000 Ethernet [Malformed
Packet]
(middle window)
Frame 23044 ( 0 bytes on wire, 0 bytes captured)
Arrival Time: Dec 31, 1969 17:00:00.000000000
Time delta from previous packet: -1093865369.699563000 seconds
Time since reference or first frame: -1093863602.414474000 seconds
Frame Number: 23044
Packet Length: 0 bytes
Capture Length: 0 bytes
[Malformed Packet: Ethernet]
That is the example that carries on to packet number 41799. I know the
logging carried on to 5:30A as it is the final timestamp on the dump which
are rotated every 30 minutes. All of the logs checked start and finish
exactly on the hour and half hour so the rotating or compressing of the file
was still a long way off.
The firewall was unresponsive until rebooted.
Has anyone seen this packet before?? I haven't seen any exactly like this
one.
Sincerely
Bob D
