16 messages in edu.merit.nanogRe: impossible circuit
FromSent OnAttachments
Jon LewisAug 10, 2008 8:15 pm 
George CareyAug 10, 2008 10:24 pm 
Laurence F. Sheldon, Jr.Aug 11, 2008 6:27 am 
Justin ShoreAug 11, 2008 1:16 pm 
Jay R. AshworthAug 11, 2008 1:22 pm 
list...@pwns.msAug 12, 2008 4:36 am 
Jon LewisAug 12, 2008 7:37 am 
Andy JohnsonAug 13, 2008 7:41 am 
Justin ShoreAug 13, 2008 9:02 am 
Jon LewisAug 13, 2008 9:29 am 
Andy JohnsonAug 13, 2008 11:27 am 
Jared MauchAug 13, 2008 11:33 am 
Jon LewisAug 16, 2008 11:07 pm 
list...@pwns.msAug 16, 2008 11:36 pm 
Jay HenniganAug 16, 2008 11:56 pm 
Paul WallAug 18, 2008 1:46 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: impossible circuitActions...
From:Andy Johnson (andy@ij.net)
Date:Aug 13, 2008 7:41:52 am
List:edu.merit.nanog

The only things I can think of that might be the cause are misconfiguration in a DACS/mux somewhere along the circuit path or perhaps a mishandled lawful intercept. I don't have enough experience with either or enough access to the systems that provide the circuit to do any more than speculate. Has anyone else ever seen anything like this?

I'm not sure how a DACS/mux misconfiguration would do this. There would have to be some intelligent device grabbing those IP packets and forwarding them on to another IP router, which seems really likely.

Have you noticed any unusual shifts in pattern on the internal network of your Ocala office? I wonder if somebody decided it would be clever to start up a VPN tunnel on a host inside your network, and also set the host in promiscuous mode, forwarding every packet it gets back out that tunnel.

The only argument I can come up against this tunnel/host, is that when you changed line encapsulation modes, it went away. However, could have just dropped the tunnel or the host that was misbehaving decided it was a good time to stop.