Packets to 224.0.0.1 are only for the local subnet and should not be forwarded. If they were sourced from the DoD, they should never have made it to your site. Also took a quick look at a route server, that network isn't in the global tables.

Occam's razor would suggest that it's a misconfiguration or some other crap on the network.

As an aside, I once had an RSA token server that had its config file corrupted. When we turned it on, it would spew packets at the DoD. After a brief panic, then a laugh, we figured out the problem and the DoS went away. Wondering if there's some pattern in the numbers.

Sean


On Tue, Feb 11, 2014 at 5:48 AM, Trevor Cordes <trevor@tecnopolis.ca> wrote:
Starting Feb 4 I've been receiving on my Shaw modem connection an IP
protocol 2 (IGMP) packet to 224.0.0.1 (all hosts multicast) from
22.34.128.1 (US DoD!!) every 1 minute on the dot.  I've gotten over 10,000
so far.  My iptables DROPs them all, but I'm wondering WTF?  Is something
misconfigured on the net with the DoD or Shaw or am I being targeted by
DoD for some reason?
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable



--
Sean Walberg <sean@ertw.com>    http://ertw.com/
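An added check, not from the thread, that applies Sean's reasoning to a raw IPv4 packet: IGMP aimed at the 224.0.0.0/24 link-local control block (224.0.0.1 is all-hosts) should never arrive from a source outside the local link, so such packets are flagged as misconfiguration or spoofing rather than legitimate queries. The packet builder and the `local_net` prefix are assumptions for the example; the protocol number and addresses are the ones Trevor reported.

```python
import ipaddress
import struct

# 224.0.0.0/24 is the IANA Local Network Control Block: link-local scope,
# routers must not forward it. 224.0.0.1 (all-hosts) is the IGMP query target.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")
IPPROTO_IGMP = 2


def build_ipv4_igmp_query(src: str, dst: str, ttl: int = 1,
                          proto: int = IPPROTO_IGMP) -> bytes:
    """Constructed test input: minimal IPv4 header + IGMPv2 general query."""
    # IGMPv2 membership query: type 0x11, max resp time 100 (10 s),
    # checksum 0 (not validated here), group 0.0.0.0 (general query).
    igmp = struct.pack("!BBH4s", 0x11, 100, 0, bytes(4))
    total_len = 20 + len(igmp)
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,      # version/IHL, DSCP/ECN, total length
        0, 0,                    # identification, flags/fragment offset
        ttl, proto, 0,           # TTL, protocol, header checksum (0, not validated)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return hdr + igmp


def classify(pkt: bytes, local_net: str) -> str:
    """Classify a raw IPv4 packet seen on the WAN side of a home connection.

    local_net is the prefix of the directly attached link (an assumption the
    caller supplies); only hosts on it may legitimately send IGMP queries here.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ttl, proto = pkt[8], pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    if dst not in LINK_LOCAL_MCAST:
        return "unicast-or-routable-multicast"
    if proto != IPPROTO_IGMP:
        return "link-local-mcast-non-igmp"
    if src not in ipaddress.ip_network(local_net):
        # A link-local-scope query from an off-link source has no legitimate
        # path here: spoofed/misconfigured upstream, or a router forwarding
        # traffic it must not. Safe to drop and worth logging.
        return "igmp-off-link-source"
    if ttl != 1:
        return "igmp-bad-ttl"   # RFC 2236: IGMP messages are sent with TTL 1
    return "igmp-local-query"
```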