Mysterious ICMP packets from HP 2910 switches

Network Engineering
2021-07-06 23:16:35

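We have a pair of HP 2910al-24G switches in use internally at one of our locations. Both have been updated with the latest firmware and software, and they are working well.

During a routine review of our firewall logs, we found that both switches appear to be sending a series of ICMP packets to a consistent set of addresses. No other traffic to or from those addresses is seen.

The log entries look like this: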

2016-03-19 08:32:45 crit    ICMP ping id=0! From 10.1.1.53 to 18.213.146.12, proto 1 (zone Trust, int bgroup0). Occurred 1 times.
2016-03-19 08:32:15 crit    ICMP ping id=0! From 10.1.1.52 to 18.213.177.108, proto 1 (zone Trust, int bgroup0). Occurred 1 times.

Does anyone know what these packets are?

Here is the configuration file from one of the switches:

show config


Startup configuration:


; J9145A Configuration Editor; Created on release #W.15.14.0007
; Ver #05:18.63.ff.35.05:b1
hostname "sw13"
module 1 type j9145a
module 2 type j9008a
module 3 type j9008a
timesync sntp
sntp unicast
sntp server priority 1 191.168.1.30
no telnet-server
time daylight-time-rule continental-us-and-canada
time timezone -480
web-management ssl
ip authorized-managers 191.168.1.93 255.255.255.255 access manager
ip authorized-managers 191.168.1.90 255.255.255.255 access manager
ip authorized-managers 191.168.1.92 255.255.255.255 access manager
ip authorized-managers 191.168.1.21 255.255.255.255 access manager
ip authorized-managers 191.168.1.51 255.255.255.255 access manager
ip authorized-managers 191.168.1.58 255.255.255.255 access manager
ip authorized-managers 191.168.1.104 255.255.255.255 access manager
ip authorized-managers 191.168.1.30 255.255.255.255 access manager
ip authorized-managers 191.168.1.29 255.255.255.255 access manager
ip default-gateway 191.168.1.1
ip ssh filetransfer
interface 1
   name "xy-sw1"
   exit
interface 2
   name "xy-sw2"
   exit
interface 3
   name "xy-sw3"
   exit
interface 4
   name "xy-sw4"
   exit
interface 5
   name "xy-lin14"
   exit
interface 6
   name "xy-esxi1-nic6"
   exit
interface 7
   name "xy-esxi1-nic7"
   exit
interface 8
   name "xy-esxi3-nic7"
   exit
interface 9
   name "xy-esxi3-nic6"
   exit
interface 10
   name "xy-sw12"
   exit
interface 13
   name "xy-esxi2-nic6"
   exit
interface 14
   name "xy-esxi2-nic7"
   exit
interface 15
   name "xy-win3"
   exit
interface 19
   name "Office"
   exit
interface 20
   name "Office"
   exit
interface 21
   name "Mgt Port xy-ids1"
   exit
interface 23
   name "xy-sw14"
   exit
snmp-server community "supersecret..." unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24,A1-A2,B1-B2
   ip address 191.168.1.52 255.255.252.0
   exit
spanning-tree
spanning-tree priority 1
no tftp client
no tftp server
no autorun
no dhcp config-file-update
password manager
password operator


xy-sw13# 
1 Answer

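Both of these IPs are registered to Amazon today, so I would guess this is something related to Aruba Cloud hosted on AWS. They probably got some unused IP space from MIT, and there was a delay in the ARIN records being updated (whois.arin.net shows they were registered to Amazon in April '17).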
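The firewall log review described in the question can be scripted. The following is an added example, not part of the original question or answer: it parses lines in the format of the two entries quoted above and totals, per internal source, the ICMP pings sent to public addresses. The function name, the regular expression (inferred only from those two lines), the summing of the "Occurred N times" field, and the extra sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the first two lines are the entries quoted in the question,
# the remaining lines are invented for illustration.
SAMPLE_LOG = """\
2016-03-19 08:32:45 crit    ICMP ping id=0! From 10.1.1.53 to 18.213.146.12, proto 1 (zone Trust, int bgroup0). Occurred 1 times.
2016-03-19 08:32:15 crit    ICMP ping id=0! From 10.1.1.52 to 18.213.177.108, proto 1 (zone Trust, int bgroup0). Occurred 1 times.
2016-03-19 09:32:15 crit    ICMP ping id=0! From 10.1.1.52 to 18.213.177.108, proto 1 (zone Trust, int bgroup0). Occurred 2 times.
2016-03-19 09:40:02 crit    ICMP ping id=0! From 10.1.1.60 to 10.1.1.1, proto 1 (zone Trust, int bgroup0). Occurred 1 times.
this line does not match the format and is skipped
"""

# Field layout inferred from the two log entries on the page (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"ICMP ping id=(?P<id>\d+)! From (?P<src>\S+) to (?P<dst>[^,\s]+), proto 1 "
    r"\(zone (?P<zone>[^,]+), int (?P<intf>[^)]+)\)\. Occurred (?P<count>\d+) times\."
)


def summarize_outbound_icmp(log_text):
    """Return {source: {destination: total_count}} for pings that leave
    a private (RFC 1918) source for a globally routable destination."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed log line
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # address field did not parse
        # Internal-to-internal pings are ignored; only egress is of interest here.
        if src.is_private and dst.is_global:
            summary[str(src)][str(dst)] += int(m["count"])
    return {s: dict(d) for s, d in summary.items()}


if __name__ == "__main__":
    for src, dsts in sorted(summarize_outbound_icmp(SAMPLE_LOG).items()):
        for dst, total in sorted(dsts.items()):
            print(f"{src} -> {dst}: {total} ping(s)")
```

The resulting destination list is what you would then look up in whois, as the answer did, to see who currently holds the addresses.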