Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Help ... I'm no wizard :)

From: hermit1 <hermits () mac com>
Date: Tue, 26 Sep 2000 08:25:50 -0700
If you are getting traffic from the reserved IP blocks, either someone is spoofing their address or their network is failing to translate addresses correctly, or maybe someone pretty clueless is setting up a system. The only two reasons I can think of for address spoofing are to generate traffic back to the spoofed IP, or to deliver covert information - either way they don't expect to get any response. You should be blocking anything with a source address you can't reply to. 

hermit1

At 08:43 AM 9/25/00 -0700, sledzilla wrote:

A lot of these are showing up in the logs of my mail server (ipchains) ...

Packet log: input DENY eth0 PROTO=6 10.1.1.8:38098 xxx.xxx.xxx.xxx:25 L=44
S=0x00 I=15536 F=0x4000 T=240 SYN (#3)

I'm quite the newbie when it comes to this stuff, but could someone shed a
little light on this 10.1.1.8 IP (thought that it was reserved by IANA) and
should I be blocking it out?  I thought that I should block out just about
everything reserved coming in from the outside?

Thanks many for your patience,
jbeckers () home com


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: