Security Basics mailing list archives
RE: 0.0.0.0 Probes
From: "Fook Ming EE" <eeefm () singnet com sg>
Date: Tue, 26 Oct 2004 13:24:21 +0800
You may want to check the DHCP config of the server is proper and also check client IP config to make sure that client side IP is not statically configured. PPP would take precedence to dynamically allocate source IP to clients that connect to VPN servers, as this is the usual setup.

-----Original Message-----
From: Keith Bucknall [mailto:keith.bucknall () zen co uk]
Sent: Saturday, October 23, 2004 6:52 PM
To: miles () mstevenson org; security-basics () securityfocus com; gillettdavid () fhda edu
Cc: 'John Smithson'
Subject: RE: 0.0.0.0 Probes

Dear All,

I am trying to troubleshoot a problem we have. On a particular site they use a PPTP VPN connection to our office; at present we just use Windows XP DUN for this. I will be changing this soon to an IPSEC tunnel but just need to get this working.

When User A dials the VPN server they connect without a problem and the VPN registers as established. But then the next day when User B tries, our VPN server displays his source address as 0.0.0.0 and then refuses the connection. User A tries and I get his original source IP. This only displays a source IP as 0.0.0.0 for User B...

Would this mean that his PC could be infected with a worm that is trying to hide the source IP?

Kind Regards
Keith

-----Original Message-----
From: Miles Stevenson [mailto:miles () mstevenson org]
Sent: 22 October 2004 19:02
To: security-basics () securityfocus com; gillettdavid () fhda edu
Cc: 'John Smithson'
Subject: Re: 0.0.0.0 Probes

David,

<snip>
These packets are not *to* 0.0.0.0; they just claim to be *from* there. Unless a router is specifically configured to check the source address for validity, it won't care. (The RFC passage you quote prevents attempts to *reply* to such packets from saturating the whole Internet.)
</snip>

Agreed. Thank you for the correction.
"..SHOULD NOT originate datagrams addressed to 0.0.0.0".
Use of the words "originate" and "to" in the same phrase to represent traffic flow seems, at first glance, to be in conflict with each other, and is likely the source of my misinterpretation. Another example of the importance of semantics when the intention is to communicate accurately.

--
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
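
The source-address validity check that the quoted passage says a router performs only when configured to, written out as an added example (not part of any poster's message). It assumes the RFC 1122 section 3.2.1.3 rule that 0.0.0.0 may appear only as a source address during address initialization, such as a DHCP client without a lease; the function names and the packet tuples are constructed for illustration.

```python
import ipaddress

UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def check_source(src, dst, proto, sport, dport):
    """Return (verdict, reason) for one IPv4 packet header."""
    s = ipaddress.IPv4Address(src)
    d = ipaddress.IPv4Address(dst)
    if d == UNSPECIFIED:
        return ("drop", "destination 0.0.0.0 must not be sent")
    if s == UNSPECIFIED:
        # A DHCP client with no lease sends UDP 68 -> 67 to the limited
        # broadcast address; that is the address-initialization case.
        if (proto, sport, dport) == ("udp", 68, 67) and d == LIMITED_BROADCAST:
            return ("allow", "DHCP client initialization")
        return ("drop", "source 0.0.0.0 outside address initialization")
    if s.is_loopback:
        return ("drop", "loopback source seen on the wire")
    if s.is_multicast or s == LIMITED_BROADCAST:
        return ("drop", "multicast or broadcast used as source")
    return ("allow", "source address is plausible")


def audit(packets):
    """Return the packets that fail the check, each with its reason."""
    dropped = []
    for pkt in packets:
        verdict, reason = check_source(*pkt)
        if verdict == "drop":
            dropped.append((pkt, reason))
    return dropped


# Constructed sample headers: (src, dst, proto, sport, dport).
SAMPLE = [
    ("0.0.0.0", "255.255.255.255", "udp", 68, 67),   # DHCP discover
    ("0.0.0.0", "192.0.2.10", "tcp", 1025, 1723),    # PPTP control, bad source
    ("198.51.100.7", "192.0.2.10", "tcp", 40000, 1723),
    ("127.0.0.1", "192.0.2.10", "udp", 53, 53),
    ("224.0.0.5", "192.0.2.10", "udp", 520, 520),
]

if __name__ == "__main__":
    for pkt, reason in audit(SAMPLE):
        print(pkt, "->", reason)
```
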