Firewall Wizards mailing list archives
Re: Help ... I'm no wizard :)
From: hermit1 <hermits () mac com>
Date: Tue, 26 Sep 2000 08:25:50 -0700
If you are getting traffic from the reserved IP blocks, either someone is spoofing their address or their network is failing to translate addresses correctly, or maybe someone pretty clueless is setting up a system. The only two reasons I can think of for address spoofing are to generate traffic back to the spoofed IP, or to deliver covert information - either way they don't expect to get any response. You should be blocking anything with a source address you can't reply to.
hermit1 At 08:43 AM 9/25/00 -0700, sledzilla wrote:
A lot of these are showing up in the logs of my mail server (ipchains) ... Packet log: input DENY eth0 PROTO=6 10.1.1.8:38098 xxx.xxx.xxx.xxx:25 L=44 S=0x00 I=15536 F=0x4000 T=240 SYN (#3) I'm quite the newbie when it comes to this stuff, but could someone shed a little light on this 10.1.1.8 IP (thought that it was reserved by IANA) and should I be blocking it out? I thought that I should block out just about everything reserved coming in from the outside? Thanks many for your patience, jbeckers () home com _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Help ... I'm no wizard :) sledzilla (Sep 25)
- Re: Help ... I'm no wizard :) hermit1 (Sep 26)