Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: "Nexus" <nexus () patrol i-way co uk>
Date: Wed, 6 Nov 2002 23:53:10 -0000
----- Original Message ----- From: "Paul Gillingwater" <paul () lanifex com> To: "Frank Cheong" <chocobofrank () hotmail com> Cc: <incidents () securityfocus com> Sent: Wednesday, November 06, 2002 7:08 PM Subject: Re: Ip spoof from 0.0.0.0 [snip]
your router, not the remote attacker. The best you could do is ask your upstream ISP to filter outgoing traffic to drop IP packets with invalid source addresses like 0.0.0.0.
[snip] Good advice, also good luck ;-) Try (tcp)tracerouting to RFC1918 addresses or IANA reserved netblocks through ISP's - quite scary how far you get sometimes before somebody with clue > 0 has been at the router configs and it gets dropped... Cheers. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Ip spoof from 0.0.0.0, (continued)
- Message not available
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
- Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
- Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
- Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
- Re: Ip spoof from 0.0.0.0 batz (Nov 07)
- Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)