IDS mailing list archives

Re: possible causes of source and destination ip from external network


From: Adam Baldwin <baldwnad () yahoo com>
Date: Tue, 22 Jun 2004 06:57:57 -0700 (PDT)

The better question to ask is why is this packet on my
network? As the question you asked is too ambiguous to
answer with the information provided. There could be
many reasons for triggering the alert.

I would initially think that it is a packet with a
spoofed source that originated from the inside of your
network but it could also be misconfiguration or
routing errors by your service provider. 

Routers / firewalls should be configured to drop
anything not sourced from your internal network. That
helps protect other networks from spoofed packets
leaving your network. Don't want to be the source of
an attack now do we? ;-)

-Adam


What would be the possible causes of the IDS alert
that shows source ip and destination ip from external
network? Also, why did the router route this packet
in the first place?



        
                

---------------------------------------------------------------------------
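The triage suggested in the reply above, as an added example that is not part of the original post: it separates the two explanations given (a spoofed or misconfigured inside host versus an upstream routing error) by the interface the packet arrived on, and applies the egress rule of dropping anything not sourced from the internal network. The internal prefixes, the `iface` field and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal prefixes for the example site; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

def is_internal(addr):
    """True when addr falls inside one of the site's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def egress_action(src):
    """Egress rule from the reply: only internally sourced packets may leave."""
    return "permit" if is_internal(src) else "drop"

def triage(pkt):
    """Classify one observed packet; 'iface' is the side it arrived from."""
    if is_internal(pkt["src"]) or is_internal(pkt["dst"]):
        return "local-endpoint"   # at least one end belongs to this site
    if pkt["iface"] == "inside":
        # Foreign source seen coming from our own LAN:
        # spoofed source address or a misconfigured inside host.
        return "inside-origin"
    # Neither end is ours and it came in from the provider side:
    # upstream routing error or provider misconfiguration.
    return "outside-origin"

# Constructed sample observations; documentation ranges stand in for external hosts.
SAMPLES = [
    {"src": "10.20.1.5",   "dst": "198.51.100.7", "iface": "inside"},
    {"src": "203.0.113.9", "dst": "198.51.100.7", "iface": "inside"},
    {"src": "203.0.113.9", "dst": "198.51.100.7", "iface": "outside"},
]

def report(samples):
    """Return (triage result, egress decision) per packet; the egress rule
    only applies to packets heading out from the inside interface."""
    rows = []
    for p in samples:
        action = egress_action(p["src"]) if p["iface"] == "inside" else None
        rows.append((triage(p), action))
    return rows

if __name__ == "__main__":
    for pkt, row in zip(SAMPLES, report(SAMPLES)):
        print(pkt["src"], "->", pkt["dst"], pkt["iface"], row)
```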


