Re: Ip spoof from 0.0.0.0

From: Nexus (nexusat_private-way.co.uk)
Date: Wed Nov 06 2002 - 15:53:10 PST


    ----- Original Message -----
    From: "Paul Gillingwater" <paulat_private>
    To: "Frank Cheong" <chocobofrankat_private>
    Cc: <incidentsat_private>
    Sent: Wednesday, November 06, 2002 7:08 PM
    Subject: Re: Ip spoof from 0.0.0.0
    
    [snip]
    > your router, not the remote attacker.  The best you could do is ask your
    > upstream ISP to filter outgoing traffic to drop IP packets with invalid
    > source addresses like 0.0.0.0.
    [snip]
    
    Good advice, also good luck ;-)
    Try (tcp)tracerouting to RFC1918 addresses or IANA reserved netblocks
    through ISPs - quite scary how far you get sometimes before somebody with
    clue > 0 has been at the router configs and it gets dropped...
    
    Cheers.
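
The source-address filtering discussed in this thread, seen from the receiving side, as an added example that is not part of the original message: it flags WAN-side packets in firewall logs whose source is 0.0.0.0, RFC 1918 space or another reserved block. The log format, the `eth0` WAN interface name, the prefix list and the sample lines are assumptions of this example.

```python
import ipaddress
import re

# Prefixes that should never appear as a source on an Internet-facing link.
# This list is an assumption of the example; keep a real one in step with IANA.
BOGON_SOURCES = [
    ("0.0.0.0/8", "this-network"), ("127.0.0.0/8", "loopback"),
    ("10.0.0.0/8", "rfc1918"), ("172.16.0.0/12", "rfc1918"),
    ("192.168.0.0/16", "rfc1918"), ("169.254.0.0/16", "link-local"),
    ("224.0.0.0/4", "multicast"), ("240.0.0.0/4", "reserved"),
]
NETS = [(ipaddress.ip_network(p), label) for p, label in BOGON_SOURCES]
SRC_RE = re.compile(r"\bSRC=(\S+)")
IFACE_RE = re.compile(r"\bIN=(\S+)")

def classify_source(addr):
    """Return a bogon label, "unparseable", or None for a routable source."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "unparseable"
    for net, label in NETS:
        if ip in net:
            return label
    return None

def flag_bogons(lines, wan_iface="eth0"):
    """Return (line_no, src, label) for WAN-side packets with a bogon source."""
    hits = []
    for n, line in enumerate(lines, 1):
        src, iface = SRC_RE.search(line), IFACE_RE.search(line)
        if not src or not iface or iface.group(1) != wan_iface:
            continue  # not a packet log line, or arrived on the LAN side
        label = classify_source(src.group(1))
        if label:
            hits.append((n, src.group(1), label))
    return hits

# Constructed sample lines in a netfilter-style key=value layout.
# Documentation-range addresses stand in for ordinary public hosts.
SAMPLE = [
    "Nov  6 19:01:02 gw kernel: IN=eth0 OUT= SRC=0.0.0.0 DST=203.0.113.7 PROTO=TCP DPT=80",
    "Nov  6 19:01:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.7 PROTO=TCP DPT=25",
    "Nov  6 19:01:04 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.23 PROTO=UDP DPT=53",
    "Nov  6 19:01:05 gw kernel: IN=eth0 OUT= SRC=10.2.3.4 DST=203.0.113.7 PROTO=TCP DPT=21",
    "Nov  6 19:01:06 gw kernel: IN=eth0 OUT= SRC=172.32.0.1 DST=203.0.113.7 PROTO=TCP DPT=21",
]
```

Hits from `flag_bogons` on the WAN interface mean some upstream hop forwarded a packet it should have dropped, so they are worth reporting to the ISP along with the timestamps.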
    
    



    This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 12:03:24 PST