Wednesday, January 16, 2019

Weird traffic coming from 127.0.0.2 on router

I was doing some debugging on an Adtran router and saw lots of ICMP traffic outbound to a lot of dodgy IPs in other countries (Russia, China, etc.). The source is 127.0.0.2, which I presume is a local interface on the router. Debug shows the traffic is not being permitted, but I'd like to figure out what is causing it. There may be other traffic that is getting out that I don't know about yet.

Any idea what might be going on? I'm wondering if the router is compromised.


