Security Incidents mailing list archives
Fw: spoofed packets to RFC 1918 addresses
From: "HggdH" <hggdh () attbi com>
Date: Thu, 27 Jun 2002 16:05:06 -0600
I wonder ... I just remembered that at least the Linksys DSL/Cable routers, by default, sit at 192.168.1.x; the DMZ is, usually, on the same subnet. Would someone be looking for Windows hosts there? As Linksys puts it, a machine in the DMZ is completely exposed to the Internet. No firewall protection. ..hggdh.. ----- Original Message ----- From: "Robert E. Lee" <rel () leefam org> (snip) My organization saw some connection attempts to an rfc1918 space on our firewall in the past few days as well. Specifically ip's in the 192.168.1.0/24 space, and specifically on tcp port 137. The firewall marked the packets as being spoofed, and dropped them. (snip) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- spoofed packets to RFC 1918 addresses Dirk Koopman (Jun 26)
- Re: spoofed packets to RFC 1918 addresses measl (Jun 27)
- RE: spoofed packets to RFC 1918 addresses Kent Hundley (Jun 27)
- Re: spoofed packets to RFC 1918 addresses Barry Irwin (Jun 28)
- Re: spoofed packets to RFC 1918 addresses Daniel Polombo (Jun 27)
- Re: spoofed packets to RFC 1918 addresses jon schatz (Jun 27)
- Re: spoofed packets to RFC 1918 addresses Robert E. Lee (Jun 27)
- <Possible follow-ups>
- RE: spoofed packets to RFC 1918 addresses Shane Carroll (Jun 27)
- Fw: spoofed packets to RFC 1918 addresses HggdH (Jun 27)
- RE: spoofed packets to RFC 1918 addresses Sterling, Chuck (Jun 28)
- RE: spoofed packets to RFC 1918 addresses Keith T. Morgan (Jun 28)