We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

IPv4 to IPv6 Relay


skegyuk
04-02-2015, 16:34
Hi All,

I was wondering if anyone else has had below issue:

Code:
- START OF ADDITIONAL INFORMATION -

Attack detail : 2Kpps/2Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 
2015.02.04 16:44:12 CET 127.0.0.1:0 192.88.99.1:0 41 --- 1300 ATTACK:OTHER 



- END OF ADDITIONAL INFORMATION -
I have checked logs and can't find anything that would point towards abuse - this IP is sued for:

Code:
Comment:        Addresses starting with "192.88.99." are used by anyone running a 6to4 relay 
router.  Many different organizations use these addresses, which means they cannot be used to 
identify an individual network operator.
Comment:        
Comment:        The 6to4 protocol provides tunneled IPv6 connectivity for networks without 
native IPv6 access.
I am thinking that the OVH firewall picked this up in error as any IPv4 to IPv6 conversion is going to hit this IP - so it may look like an attack?

Any ideas?

Danny