Why would a Facebook device be sending SPI packets at a home user?
Hello All ,

Maybe I am missing (or have missed) something . Here is the log entry & dig & whois info . Just kinda interested in info on this phenomenon .

I've received many SPI assoc. requests at my poor ol' router over the few years it's been online , Most of them are from S.E. Asia & few from Africa others from EU , But by & far most of them are USA based Webservers by their dig & whois info . A very small few are from org's such as FB . I usually just ignore these as some fluke or if I know a contact at the site I send them the info .

1 ) Is there an organization that is mapping unsecured ipsec boxen ?
2 ) Has or is anyone else receiving attempts at establishing association ?
3 ) Is anyone recording these or interested in keeping records ?
4 ) Anything else I would be interested in along the lines of assoc. attempts & why they are being attempted ?

Tia , JimL

Mar 17 21:48:47.637: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xx.yy.zz.aa, prot=50, spi=0xE3488400(3813180416), srcaddr=69.171.255.12

$ dig -x 69.171.255.12

; <<>> DiG 9.9.1-P3 <<>> -x 69.171.255.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36105
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;12.255.171.69.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
255.171.69.in-addr.arpa. 3600 IN SOA a.ns.facebook.com. dns.facebook.com. 1363497425 7200 1800 604800 3600

;; Query time: 528 msec
;; SERVER: 199.33.245.55#53(199.33.245.55)
;; WHEN: Sun Mar 17 14:14:40 2013
;; MSG SIZE rcvd: 112

$ whois 69.171.255.12
#
# Query terms are ambiguous. The query is assumed to be:
# "n 69.171.255.12"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=69.171.255.12?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 69.171.224.0 - 69.171.255.255
CIDR: 69.171.224.0/19
OriginAS: AS32934
NetName: TFBNET3
NetHandle: NET-69-171-224-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Assignment
RegDate: 2010-08-05
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-69-171-224-0-1

OrgName: Facebook, Inc.
OrgId: THEFA-3
Address: 1601 Willow Rd.
City: Menlo Park
StateProv: CA
PostalCode: 94025
Country: US
RegDate: 2004-08-11
Updated: 2012-04-17
Ref: http://whois.arin.net/rest/org/THEFA-3

OrgTechHandle: OPERA82-ARIN
OrgTechName: Operations
OrgTechPhone: +1-650-543-4800
OrgTechEmail: noc@fb.com
OrgTechRef: http://whois.arin.net/rest/poc/OPERA82-ARIN

OrgAbuseHandle: OPERA82-ARIN
OrgAbuseName: Operations
OrgAbusePhone: +1-650-543-4800
OrgAbuseEmail: noc@fb.com
OrgAbuseRef: http://whois.arin.net/rest/poc/OPERA82-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

--
+------------------------------------------------------------------+
| James W. Laferriere     | System Techniques    | Give me VMS     |
| Network&System Engineer | 3237 Holden Road     | Give me Linux   |
| babydr@baby-dragons.com | Fairbanks, AK. 99709 | only on AXP     |
+------------------------------------------------------------------+
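
An added example, not part of the original post: one way to keep the per-source records asked about in question 3, by parsing `%CRYPTO-4-RECVD_PKT_INV_SPI` lines in the format shown above. The function names are hypothetical, and every sample line except the first is constructed, using documentation address ranges.

```python
import re
from collections import defaultdict

# Field layout taken from the %CRYPTO-4-RECVD_PKT_INV_SPI line in the post.
INV_SPI = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:.]+): %CRYPTO-4-RECVD_PKT_INV_SPI: .*?"
    r"destaddr=(?P<dst>[^,\s]+), prot=(?P<prot>\d+), "
    r"spi=0x(?P<hex>[0-9A-Fa-f]+)\((?P<dec>\d+)\), srcaddr=(?P<src>[0-9A-Fa-f.:]+)"
)
PROTO = {50: "ESP", 51: "AH"}  # IP protocol numbers carried by IPsec

def parse(line):
    """Return one record per invalid-SPI message, or None if the line does not parse."""
    m = INV_SPI.search(line)
    if not m:
        return None
    spi = int(m["hex"], 16)
    if spi != int(m["dec"]):  # the router prints the SPI twice; both must agree
        return None
    prot = int(m["prot"])
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "spi": f"0x{spi:08X}", "proto": PROTO.get(prot, str(prot))}

def summarize(lines):
    """Group by source address; first/last assume the log is in time order."""
    out = defaultdict(lambda: {"count": 0, "spis": set(), "protos": set(),
                               "first": None, "last": None})
    for rec in filter(None, map(parse, lines)):
        s = out[rec["src"]]
        s["count"] += 1
        s["spis"].add(rec["spi"])
        s["protos"].add(rec["proto"])
        s["first"] = s["first"] or rec["ts"]
        s["last"] = rec["ts"]
    return dict(out)

MSG = ("%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi "
       "for destaddr=xx.yy.zz.aa, ")
SAMPLE = [
    "Mar 17 21:48:47.637: " + MSG + "prot=50, spi=0xE3488400(3813180416), srcaddr=69.171.255.12",  # from the post
    "Mar 18 02:11:05.120: " + MSG + "prot=50, spi=0x0000ABCD(43981), srcaddr=192.0.2.10",   # constructed
    "Mar 18 02:11:09.884: " + MSG + "prot=50, spi=0x00001000(4096), srcaddr=192.0.2.10",    # constructed
    "Mar 18 02:11:30.002: " + MSG + "prot=50, spi=0x00000010(17), srcaddr=198.51.100.7",    # constructed, SPI mismatch
    "Mar 18 02:12:00.001: %SYS-5-CONFIG_I: Configured from console",                        # constructed, unrelated
]

if __name__ == "__main__":
    for src, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src:15} hits={s['count']} spis={sorted(s['spis'])} "
              f"first={s['first']} last={s['last']}")
```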