Hosting Provided By

Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)

From: Frederic Harster <f.harster(at)evc.net>
Date: Mon Feb 03 2003 - 10:56:23 EST

Hugo van der Kooij wrote:

>>Let's say that a router is configured (with ACLs) to deny packets from
>>255.255.255.255 (that's why I noticed them). Then it sends back an "ICMP
>>unreachable", doesn't it?
>>These ICMP packets try to travel to... 255.255.255.255! Would'n it cause
>>a multiplying?
>>I know that a router/firewall may be configured to _not_ send "ICMP
>>unreachables" but default is to send them.
>>
Although I _could_ agree as far as a firewalls are concerned, I don't when it comes to routers.
Blocking/droping any ICMP packet usually turns into a real nightmare when you've to perform troubleshooting on a wide network.

my 0,02... and common pratice.
Fred

>
>

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Feb 4 12:33:39 2003

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:57 EDT