Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Wed, 6 Nov 2002 01:34:51 +0100 (CET)
On Mon, 4 Nov 2002, Ingersoll, Jared wrote:
Nov 1 01:42:44 2U:10.1.1.1 Nov 01 2002 01:50:32: %PIX-2-106016: Deny IP spoof from (0.0.0.0) to x.x.x.5
We're seeing them too, since Nov 1 03:30 GMT, approx. 150 per day. TCP SYNs
to port 445 on different IPs. An interesting detail is that all of them have
IP ID == 256. TTL appears to vary between 108 and 113.

--Pavel Kankovsky aka Peak
"Welcome to the Czech Republic. Bring your own lifeboats."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
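A check for the packet traits reported in the message above (source 0.0.0.0, bare TCP SYN to port 445, IP ID 256, TTL 108 to 113), as an added example that is not part of the original post. The function names, the `build` helper, and the sample packets (documentation addresses 192.0.2.5 and 198.51.100.7) are constructed for illustration.

```python
import socket
import struct

# Traits reported in the message; the TTL window is the observed range only.
SRC, DPORT, IP_ID, TTLS = "0.0.0.0", 445, 256, range(108, 114)

def parse_ipv4_tcp(pkt: bytes):
    """Return the header fields of interest, or None if not parsable IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 14 or pkt[9] != socket.IPPROTO_TCP:
        return None
    ip_id, frag = struct.unpack("!HH", pkt[4:8])
    if frag & 0x1FFF:  # later fragment: no TCP header present
        return None
    flags = pkt[ihl + 13]
    return {
        "src": socket.inet_ntoa(pkt[12:16]),
        "ip_id": ip_id,
        "ttl": pkt[8],
        "dport": struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0],
        "syn_only": (flags & 0x12) == 0x02,  # SYN set, ACK clear
    }

def traits_matched(pkt: bytes):
    """List which reported traits a bare SYN shows; None if it is not a bare SYN."""
    f = parse_ipv4_tcp(pkt)
    if f is None or not f["syn_only"]:
        return None
    checks = [("src", f["src"] == SRC), ("dport", f["dport"] == DPORT),
              ("ip_id", f["ip_id"] == IP_ID), ("ttl", f["ttl"] in TTLS)]
    return [name for name, ok in checks if ok]

def build(src, ip_id, ttl, dport, flags=0x02, dst="192.0.2.5"):
    """Constructed test packet (checksums left at zero, not validated here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 1025, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for p in (build("0.0.0.0", 256, 110, 445), build("198.51.100.7", 4242, 64, 445)):
        print(traits_matched(p))
```

Reporting each trait separately lets an analyst see partial matches, for example the same source and port with a different IP ID, instead of a single yes/no.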