Re: spoofing 255.255.255.255 techniques

From: Blake Frantz (blakeat_private)
Date: Thu Jul 05 2001 - 19:13:58 PDT

Next message: Kokie Tjan: "Compiling Netcat on Mac OS X"

Previous message: Tony Langdon: "RE: New legislation in Australia to make pen-testing illegal?"
In reply to: Curt Wilson: "spoofing 255.255.255.255 techniques"
Next in thread: Erik Nodland: "RE: Re: spoofing 255.255.255.255 techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Our PIX does not indicate source or destination ports 
> perhaps because the "IP spoof" criteria was already 
> triggered in its logic chain, denying the packet and 
> making a syslog entry.

It's been my experience that the PIX will not provide port information if
the packet is blocked by an ACL.  However, it *will* provide port
information if the packet is blocked because there is no "conduit"
allowing the traffic.

I'm not sure if the spoof detection mechanism supercedes this.

Hope this helps.

-Blake


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Next message: Kokie Tjan: "Compiling Netcat on Mac OS X"
Previous message: Tony Langdon: "RE: New legislation in Australia to make pen-testing illegal?"
In reply to: Curt Wilson: "spoofing 255.255.255.255 techniques"
Next in thread: Erik Nodland: "RE: Re: spoofing 255.255.255.255 techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 08:09:27 PDT