Firewall Wizards mailing list archives
RE: Re: Wayyy too many spoofed packets
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 21 Nov 2003 23:03:12 -0600
On Fri, 2003-11-21 at 22:52, Chris de Vidal wrote:
So why do I see so many inbound packets from the network coming through eth0 with my IP? The only explaination that makes sense is a router somewhere rebroadcasting packets...
Those are packets FROM your IP for the network. They're not spoofed, your box sends them to the network. +-------+ +----+ |You Box|---|eth0|---> network +-------+ +----+ 172.19.2.200 -> 172.19.255.255 netfilter logs that packet that is trying to leave your box. There is no spoofed packets. If you turn your box off, and use a different machine with tcpdump, sniff the traffic and STILL capture packets with the turned off IP address, then I believe you have spoofed packets floating around :) Until then, the way I see your description is that you are logging/blocking VALID packets FROM your box to the network. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- Message not available
- RE: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
- Re: Wayyy too many spoofed packets Mikael Olsson (Nov 21)
- <Possible follow-ups>
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Frank Knobbe (Nov 21)
- RE: Re: Wayyy too many spoofed packets Bill Royds (Nov 21)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Daniel Linder (Nov 25)
- RE: Re: Wayyy too many spoofed packets Chris de Vidal (Nov 25)