Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)

The Same at my network here in germany.
Has anybody an idea?

Regards Chris

• Original Message ----- From: "Tomasz Papszun" <tomek-incid@lodz.tpsa.pl> To: <incidents@securityfocus.com> Sent: Thursday, January 30, 2003 7:03 PM Subject: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)

> On Thu, 30 Jan 2003 at 14:31:36 +1100, Keith Owens wrote:
S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>
> >
> > I am seeing a lot of sync/ack packets from port 80 to non-existent
> > addresses on my networks. Somebody is spoofing source addresses to
> > attack hosts, we are just innocent victims. When will ISPs learn that
> > they should filter their customer's packets to prevent spoofing? I am
> > even seeing syn/ack packets from 255.255.255.255:80!
> >
>
> Similarly at my networks.

--

> This list is provided by the SecurityFocus ARIS analyzer service.

> For more information on this free incident handling, management

> and tracking system please see: http://aris.securityfocus.com

>

>




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com