Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: "Jason Robertson" <jason () ifuture com>
Date: Thu, 07 Nov 2002 22:16:46 -0500
For all of you who want the list of bogus IP's http://www.cymru.com/Documents/bogon-list.html As for 0.0.0.0, it is used for DHCP, but it shouldn't go beyond your gateway, or anyone elses. Also the addressing is usually 0.0.0.0 -> 255.255.255.255 67 At least on our network at work... On 6 Nov 2002 at 23:53, Nexus wrote: From: "Nexus" <nexus () patrol i-way co uk> To: "Frank Cheong" <chocobofrank () hotmail com>, "Paul Gillingwater" <paul () lanifex com> Copies to: <incidents () securityfocus com> Subject: Re: Ip spoof from 0.0.0.0 Date sent: Wed, 6 Nov 2002 23:53:10 -0000
----- Original Message ----- From: "Paul Gillingwater" <paul () lanifex com> To: "Frank Cheong" <chocobofrank () hotmail com> Cc: <incidents () securityfocus com> Sent: Wednesday, November 06, 2002 7:08 PM Subject: Re: Ip spoof from 0.0.0.0 [snip]your router, not the remote attacker. The best you could do is ask your upstream ISP to filter outgoing traffic to drop IP packets with invalid source addresses like 0.0.0.0.[snip] Good advice, also good luck ;-) Try (tcp)tracerouting to RFC1918 addresses or IANA reserved netblocks through ISP's - quite scary how far you get sometimes before somebody with clue > 0 has been at the router configs and it gets dropped... Cheers. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-- Jason Robertson Now at the Nation Research Council. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Ip spoof from 0.0.0.0, (continued)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
- Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
- Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
- Re: Ip spoof from 0.0.0.0 batz (Nov 07)
- Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
- Re: Ip spoof from 0.0.0.0 David Gillett (Nov 08)
- Re: Ip spoof from 0.0.0.0 Hernan Otero (Nov 08)
- RE: Ip spoof from 0.0.0.0 Onsite West Houston (Nov 11)
- RE: Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 11)
- RE: Ip spoof from 0.0.0.0 Steenbergen, Dennis, Contractor (Nov 12)