|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Ip spoof from 0.0.0.0
From: David Gillett <gillettdavid(at)fhda.edu>
Date: Thu Nov 07 2002 - 20:03:57 EST
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Nov 8 19:08:35 2002
Date: Thu Nov 07 2002 - 20:03:57 EST
I too caught a whiff of this.
But what's somewhat more worrying is that in the last week I've also seen probes of port 445 from 3 other addresses:
- 1 packet with an IP source address that appears to put it in China.
- half a dozen with the (spoofed) origin address of a Cisco router on the edge of my network.
- several dozen with the (spoofed) origin address of an Alcatel router at the core of my network. Packets with this origin address would have been blocked by anti-spoofing rules at my border if they were coming from outside my network.
Conclusion, then, is that I have a source for this traffic somewhere inside my network.
Any hints what this traffic is really trying to do or what causes it?
David Gillett
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Nov 8 19:08:35 2002
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:50 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |