For all of you who want the list of bogus IP's http://www.cymru.com/Documents/bogon-list.html As for 0.0.0.0, it is used for DHCP, but it shouldn't go beyond your gateway, or anyone elses. Also the addressing is usually 0.0.0.0 -> 255.255.255.255 67 At least on our network at work... On 6 Nov 2002 at 23:53, Nexus wrote: From: "Nexus" <nexusat_private-way.co.uk> To: "Frank Cheong" <chocobofrankat_private>, "Paul Gillingwater" <paulat_private> Copies to: <incidentsat_private> Subject: Re: Ip spoof from 0.0.0.0 Date sent: Wed, 6 Nov 2002 23:53:10 -0000 > > ----- Original Message ----- > From: "Paul Gillingwater" <paulat_private> > To: "Frank Cheong" <chocobofrankat_private> > Cc: <incidentsat_private> > Sent: Wednesday, November 06, 2002 7:08 PM > Subject: Re: Ip spoof from 0.0.0.0 > > [snip] > > your router, not the remote attacker. The best you could do is ask your > > upstream ISP to filter outgoing traffic to drop IP packets with invalid > > source addresses like 0.0.0.0. > [snip] > > Good advice, also good luck ;-) > Try (tcp)tracerouting to RFC1918 addresses or IANA reserved netblocks > through ISP's - quite scary how far you get sometimes before somebody with > clue > 0 has been at the router configs and it gets dropped... > > Cheers. > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > -- Jason Robertson Now at the Nation Research Council. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 08 2002 - 08:41:36 PST