Fw: spoofed packets to RFC 1918 addresses

From: HggdH (hggdhat_private)
Date: Thu Jun 27 2002 - 15:05:06 PDT

Next message: Tobias Rosenstock: "Re: Apache goes berserk"

Previous message: Shane Carroll: "RE: spoofed packets to RFC 1918 addresses"
Maybe in reply to: Dirk Koopman: "spoofed packets to RFC 1918 addresses"
Next in thread: Sterling, Chuck: "RE: spoofed packets to RFC 1918 addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I wonder ... I just remembered that at least the Linksys DSL/Cable routers,
by default, sit at 192.168.1.x; the DMZ is, usually, on the same subnet.

Would someone be looking for Windows hosts there? As Linksys puts it, a
machine in the DMZ is completely exposed to the Internet. No firewall
protection.

..hggdh..
----- Original Message -----
From: "Robert E. Lee" <relat_private>
(snip)
My organization saw some connection attempts to an rfc1918 space on our
firewall in the past few days as well.  Specifically ip's in the
192.168.1.0/24 space, and specifically on tcp port 137.  The firewall
marked the packets as being spoofed, and dropped them.
(snip)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Tobias Rosenstock: "Re: Apache goes berserk"
Previous message: Shane Carroll: "RE: spoofed packets to RFC 1918 addresses"
Maybe in reply to: Dirk Koopman: "spoofed packets to RFC 1918 addresses"
Next in thread: Sterling, Chuck: "RE: spoofed packets to RFC 1918 addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 17:11:52 PDT