An Internet Storm Center forums user is reporting an increase in Protocol 47 traffic over the last two weeks. Researchers have detected this via backscatter IBR. Typically, this type of traffic is used for Generic Route Encapsulation (GRE). Many forms of VPN traffic are tunneled through GRE. An astute ISC commenter reports that the payloads don’t carry the correct headers to properly carry out the GRE->IP->GRE->IP attack.
Possible Target: Taiwanese Chungwa Telco
By analyzing the backscatter traffic, the ISC community has determined that the majority of the targets are in Taiwan. The IP addresses are associated with a telco company called Chungwa. However, no information exists about an ongoing DDoS there. Finally, an update shows there are upticks via protocol 132 and 255 as well. These are Stream Control Transmission Protocol and Reserved/Unknown, respectively.