I'm setting up iptables filtering on the new machines to keep prying eyes outside of local services. I've noticed a couple oddities:
Lots of mysterious UDP broadcasts from 66.230.233.252. This subnet is listed on several spam blacklists; I've just dropped all connections from that IP to keep it out of the logs.
Every 5 seconds there's a UDP broadcast to port 712 from 66.230.230.50 and 207.142.136.94. This port is apparently for "Topology Broadcast Based on Reverse-Path Forwarding (TBRPF)"...? I've set it to drop and ignore these.
I also saw an ICMP type 10 ("Router solicitation message"?) or two from 10.135.1.2, which is on the reserved 10/8 network. Either they're using the reserved network for some sort of internal routing at this place, or somebody's spoofing. I don't really like the idea of spoofing, since some of our internal services are authenticated partially or wholly by IP (such as memcached) and it'd be nice to be sure that something claiming to be in our subnet really is.
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org
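
The spoofing concern in the message above comes down to one check: a source address from a reserved or internal range should never arrive on the outside interface. The following is an added example, not part of the original email, that applies that check to netfilter LOG lines. The interface name `eth0`, the list of internal-only ranges, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the email): eth0 faces the outside network, and
# these ranges must never show up as a source address on it.
EXTERNAL_IF = "eth0"
INTERNAL_ONLY = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs as written by the LOG target


def classify(line):
    """Label one logged packet with the oddity from the email it matches."""
    f = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(f["SRC"])
        in_if = f["IN"]
    except (KeyError, ValueError):
        return "unparsed"
    # Check the ingress interface first: a private source arriving from
    # outside is suspect whatever protocol it carries.
    if in_if == EXTERNAL_IF and any(src in net for net in INTERNAL_ONLY):
        return "private-source-on-external-if"
    if f.get("PROTO") == "ICMP" and f.get("TYPE") == "10":
        return "icmp-router-solicitation"
    if f.get("PROTO") == "UDP" and f.get("DPT") == "712":
        return "udp-712-broadcast"
    return "other"


# Constructed sample lines; only the source IPs, port 712 and ICMP type 10
# come from the email, every other field is made up.
SAMPLE = [
    "kernel: IN=eth0 OUT= MAC= SRC=66.230.230.50 DST=255.255.255.255 LEN=60 "
    "TTL=64 PROTO=UDP SPT=712 DPT=712 LEN=40",
    "kernel: IN=eth0 OUT= MAC= SRC=10.135.1.2 DST=255.255.255.255 LEN=28 "
    "TTL=1 PROTO=ICMP TYPE=10 CODE=0",
    "kernel: IN=eth1 OUT= MAC= SRC=10.135.1.2 DST=255.255.255.255 LEN=28 "
    "TTL=1 PROTO=ICMP TYPE=10 CODE=0",
    "kernel: IN=eth0 OUT= MAC= SRC=207.142.136.94 DST=198.51.100.7 LEN=60 "
    "TTL=52 PROTO=TCP SPT=40000 DPT=22",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "<-", entry[:60])
```

The same packet from 10.135.1.2 is labelled differently depending on the interface it arrived on, which is the distinction that matters for services that authenticate by source IP.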