Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: Olaf Schreck <chakl () syscall de>
Date: Tue, 5 Nov 2002 00:24:53 +0100
Jared,
I was hoping someone could tell me whether this is a misconfigured device (perhaps) or is this activity I should be concerned with (and please keep
Nov 1 01:42:44 2U:10.1.1.1 Nov 01 2002 01:50:32: %PIX-2-106016: Deny IP spoof from (0.0.0.0) to x.x.x.5
too bad these Pix logs don't show the attempted destination port. We have seen similar things lately, TCP/445 slow scans from 0.0.0.0. I'm not at work currently, sorry no tracefiles. Looks like some sort port 445 harvesting to me at first glance. Definitely a red bulled on my watchlist. ciao, chakl On Mon, Nov 04, 2002 at 04:27:35PM -0500, Ingersoll, Jared wrote:
any witless banter regarding my use of 'concerned with' to yourself- thanks!). These are SYSLOG entries from my firewall (PIX). (the x.x.x.X are static address on the external interface). -Jared urchin 7% grep spoof oSYSLOG
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 04)
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
- Message not available
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
- Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- Message not available
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- <Possible follow-ups>
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
- Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)