Firewall Wizards mailing list archives
RE: Wayyy too many spoofed packets
From: "Chris de Vidal" <chris () devidal tv>
Date: Fri, 21 Nov 2003 19:13:58 -0500 (EST)
Jeroen De Corel said:
What do you mean with packets claiming to be your ip address: a public ip address on the internal network?
I mean this: Network ------------------------ eth0 172.19.255.255 172.19.2.200 Packet (from 172.19.2.200) -----> eth0 (should not ever happen, but happened 144 times yesterday out of millions of packets)
You wouldn't happen to be running vmware in the background, would you?
Nope. Someone on this list explained that this is probably happening: eth0 --> Packet from 172.19.2.200 to 172.19.255.255 --> network | | eth0 <----------------------------------------------------+ (listening to all traffic destined for 172.19.255.255) So I'm probably getting my own broadcast traffic back. But I wasn't expecting that :-) The solution is to not flag broadcast packets with my IP coming in. I think I can add ! -s 172.19.255.255 to my rule. Thanks for the help! /dev/idal _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- Message not available
- RE: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
- Re: Wayyy too many spoofed packets Mikael Olsson (Nov 21)
- <Possible follow-ups>
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Frank Knobbe (Nov 21)
- RE: Re: Wayyy too many spoofed packets Bill Royds (Nov 21)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Daniel Linder (Nov 25)
- RE: Re: Wayyy too many spoofed packets Chris de Vidal (Nov 25)