Hello All ,
Maybe I am missing (or have missed) something .
Here is the log entry & dig & whois info . Just kinda interested in info on this phenomenon .
I've received many SPI assoc. requests at my poor ol' router over the few years it's been online , Most of them are from S.E. Asia & few from Africa others from EU , But by & far most of them are USA based Webservers by their dig & whois info . A very small few are from org's such as FB . I usually just ignore these as some fluke or if I know a contact at the site I send them the info .
1 ) Is there an orginazation that is mapping unsecured ipsec boxen ?
2 ) Has or is anyone else receiving attempts at establishing association ?
3 ) Is anyone recording these or interested in keeping records ?
4 ) Anything elso I would be interested in along the lines of assoc. attempts & why they are being attempted ?
Tia , JimL
Mar 17 21:48:47.637: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xx.yy.zz.aa, prot=50, spi=0xE3488400(3813180416), srcaddr=69.171.255.12
$ dig -x 69.171.255.12
; <<>> DiG 9.9.1-P3 <<>> -x 69.171.255.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36105
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;12.255.171.69.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
255.171.69.in-addr.arpa. 3600 IN SOA a.ns.facebook.com. dns.facebook.com. 1363497425 7200 1800 604800 3600
;; Query time: 528 msec
;; SERVER: 199.33.245.55#53(199.33.245.55)
;; WHEN: Sun Mar 17 14:14:40 2013
;; MSG SIZE rcvd: 112
$ whois 69.171.255.12