Re: Ip spoof from 0.0.0.0

From: Frank Cheong (chocobofrankat_private)
Date: Wed Nov 06 2002 - 01:37:52 PST

    In-Reply-To: <B1E4D3274D57D411BE8400D0B783FF320145C491at_private>
    
    Oh yes, I have also been getting this kind of attack these past few days,
    with some of them leaving a MAC address 00.30.B6.D0.3C.EC. So what can I do
    to stop these attacks now? All I have is a MAC address.
    
    Please find below an extract from my firewall log (destination IP address
    has been masked intentionally).
    
    11/01/2002 18:59:48.560 -     IP spoof detected -     Source:0.0.0.0, 3004, WAN -     Destination:A.B.C.110, 445, LAN -     MAC address: 00.D0.BC.EC.E9.98 -
    11/01/2002 22:38:15.304 -     IP spoof detected -     Source:0.0.0.0, 3909, WAN -     Destination:A.B.C.103, 445, LAN -     MAC address: 00.D0.BC.EC.E9.98 -
    11/02/2002 17:45:31.064 -     IP spoof detected -     Source:0.0.0.0, 3004, WAN -     Destination:A.B.C.110, 445, LAN -     MAC address: 00.D0.BC.EC.E9.98 -
    11/02/2002 18:10:00.080 -     IP spoof detected -     Source:0.0.0.0, 3020, WAN -     Destination:A.B.C.106, 445, LAN -     MAC address: 00.30.B6.D0.3C.EC -
    11/03/2002 04:22:48.704 -     IP spoof detected -     Source:0.0.0.0, 2874, WAN -     Destination:A.B.C.106, 445, LAN -     MAC address: 00.30.B6.D0.3C.EC -
    11/04/2002 16:17:50.528 -     IP spoof detected -     Source:0.0.0.0, 2808, WAN -     Destination:A.B.C.104, 445, LAN -     MAC address: 00.D0.BC.EC.E9.98 -
    11/04/2002 19:51:56.672 -     IP spoof detected -     Source:0.0.0.0, 3000, WAN -     Destination:A.B.C.111, 445, LAN -     MAC address: 00.30.B6.D0.3C.EC -
    11/04/2002 21:18:56.608 -     IP spoof detected -     Source:0.0.0.0, 2743, WAN -     Destination:A.B.C.102, 445, LAN -     MAC address: 00.30.B6.D0.3C.EC -
    11/05/2002 16:36:26.464 -     IP spoof detected -     Source:0.0.0.0, 4040, WAN -     Destination:A.B.C.107, 445, LAN -     MAC address: 00.30.B6.D0.3C.EC -
    11/05/2002 17:25:23.352 -     IP spoof detected -     Source:0.0.0.0, 1098, WAN -     Destination:A.B.C.111, 445, LAN -     MAC address: 00.30.B6.D0.3C.EC -
    
    Frank
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
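
A triage helper for the firewall log format quoted in the message above, added here as an example and not part of the original post: it parses the entries, including ones wrapped across lines, and groups them by the reported MAC address. The function names and the month/day/year reading of the dates are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Three entries copied from the log quoted above, wrapped across lines.
SAMPLE = """
11/01/2002 18:59:48.560 -     IP spoof detected -     Source:0.0.0.0,
3004, WAN -     Destination:A.B.C.110, 445, LAN -     MAC address:
00.D0.BC.EC.E9.98 -
11/02/2002 18:10:00.080 -     IP spoof detected -     Source:0.0.0.0,
3020, WAN -     Destination:A.B.C.106, 445, LAN -     MAC address:
00.30.B6.D0.3C.EC -
11/04/2002 16:17:50.528 -     IP spoof detected -     Source:0.0.0.0,
2808, WAN -     Destination:A.B.C.104, 445, LAN -     MAC address:
00.D0.BC.EC.E9.98 -
"""

ENTRY = re.compile(
    r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) - IP spoof detected - "
    r"Source:([^,\s]+), (\d+), (\w+) - Destination:([^,\s]+), (\d+), (\w+) - "
    r"MAC address: ((?:[0-9A-Fa-f]{2}\.){5}[0-9A-Fa-f]{2})")

def parse(text):
    """Return one dict per log entry; tolerates entries wrapped over lines."""
    flat = " ".join(text.split())  # undo mail wrapping and column padding
    events = []
    for ts, src, sport, _, dst, dport, _, mac in ENTRY.findall(flat):
        events.append({
            # Assumption: dates are month/day/year.
            "time": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S.%f"),
            "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "mac": mac.upper()})
    return events

def summarize(events):
    """Group events by reported MAC: count, targets, ports, first/last seen."""
    out = defaultdict(lambda: {"count": 0, "dsts": set(), "dports": set(),
                               "first": None, "last": None})
    for e in events:
        s = out[e["mac"]]
        s["count"] += 1
        s["dsts"].add(e["dst"])
        s["dports"].add(e["dport"])
        s["first"] = min(s["first"] or e["time"], e["time"])
        s["last"] = max(s["last"] or e["time"], e["time"])
    return dict(out)

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```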
    



    This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 16:30:59 PST