Security Incidents mailing list archives
Re: Deny IP spoof from 255.255.255.255
From: "Crist Clark" <crist.clark () globalstar com>
Date: Fri, 06 Jul 2001 10:50:40 -0700
Curt Wilson wrote: [snip]
I realize that both of these references don't refer directly to such a packet but I am curious about these techniques.
The techniques you referenced all deal with sending packets to a broadcast or multicast _destination_ address. I am not aware of any useful attacks using the broadcast address, 255.255.255.255, as the SOURCE. I believe the general impression is that the 255.255.255.255:31337 to *:515 packets are the product of a broken worm or tool. -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Deny IP spoof from 255.255.255.255 Curt Wilson (Jul 06)
- Re: Deny IP spoof from 255.255.255.255 Crist Clark (Jul 06)
- Re: Deny IP spoof from 255.255.255.255 Vitaly Osipov (Jul 06)
- Re: Deny IP spoof from 255.255.255.255 Jens Hektor (Jul 06)
- Re: Deny IP spoof from 255.255.255.255 Crist Clark (Jul 07)