Re: Deny IP spoof from 255.255.255.255

From: Crist Clark (crist.clarkat_private)
Date: Fri Jul 06 2001 - 10:50:40 PDT

  • Next message: Jens Hektor: "Re: Deny IP spoof from 255.255.255.255"

    Curt Wilson wrote:
    [snip]
    
    > I realize that both of these references don't refer
    > 
    > directly to such a packet but I am curious about these
    > 
    > techniques.
    
    The techniques you referenced all deal with sending packets to a 
    broadcast or multicast _destination_ address. I am not aware of any
    useful attacks using the broadcast address, 255.255.255.255, as the
    SOURCE. I believe the general impression is that the 
    255.255.255.255:31337 to *:515 packets are the product of a broken worm 
    or tool.
    -- 
    Crist J. Clark                                Network Security Engineer
    crist.clarkat_private                    Globalstar, L.P.
    (408) 933-4387                                FAX: (408) 933-4926
    
    The information contained in this e-mail message is confidential,
    intended only for the use of the individual or entity named above.  If
    the reader of this e-mail is not the intended recipient, or the employee
    or agent responsible to deliver it to the intended recipient, you are
    hereby notified that any review, dissemination, distribution or copying
    of this communication is strictly prohibited.  If you have received this
    e-mail in error, please contact postmasterat_private
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 13:35:24 PDT