Security Incidents mailing list archives
RE: Localhost packets on WAN
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 30 Sep 2004 09:03:04 -0700
These packets should not be arriving at your perimeter at all.
Anything sourced from a loopback address should be BLOCKED at your perimeter. But if it has your destination address, it will arrive AT your perimeter unless somebody upstream bothers to look at the source address for you. Most ISPs don't, unless you've requested their help fending off a DoS attack.
They are not blowback from misguided Blaster or Nachi countermeasures as someone will undoubtedly suggest.
Please offer some *plausible* alternate explanation. The Blaster blowback precisely explains every detail of traffic like this that I have seen directly or heard reported by others. Do you possess some additional evidence that contradicts it? Do you have a simpler explanation that adequately explains the evidence? David Gillett
Current thread:
- Localhost packets on WAN Kirby Angell (Sep 29)
- RE: Localhost packets on WAN James C Slora Jr (Sep 30)
- RE: Localhost packets on WAN David Gillett (Sep 30)
- RE: Localhost packets on WAN James C Slora Jr (Sep 30)
- RE: Localhost packets on WAN spainsecurity-s.navarro (Sep 30)
- RE: Localhost packets on WAN David Gillett (Sep 30)
- Re: Localhost packets on WAN Frank Knobbe (Sep 30)
- Re: Localhost packets on WAN Kirby Angell (Sep 30)
- <Possible follow-ups>
- RE: Localhost packets on WAN NESTING, DAVID M (SBCSI) (Sep 30)
- RE: Localhost packets on WAN Frank Knobbe (Sep 30)
- RE: Localhost packets on WAN James C Slora Jr (Sep 30)