|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)
Date: Mon Feb 03 2003 - 10:40:02 EST
The best way to handle these types of packets would be to route them to a null0 interface. This way the packets will be dropped without icmp response. Typically all ISP should have these ACL's configured on their border routers; but they don't.
JT
-----Original Message-----
From: Hugo van der Kooij [mailto:hvdkooij@vanderkooij.org]
Sent: Sunday, February 02, 2003 12:33 PM
To: Incidents Mailing List
Subject: Re: Packets from 255.255.255.255(80) (was: Packet from port 80
with spoofed microsoft.com ip)
On Fri, 31 Jan 2003, Tomasz Papszun wrote:
> On Fri, 31 Jan 2003 at 3:01:49 +0100, Peter Triller wrote:
The default behaviour for filtering must be to DROP the packets. This is standard in all known firewalls and should be considered common knowledge.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij(at)vanderkooij.org
http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
Received on Mon Feb 3 10:50:52 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:57 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |