PaulDotCom mailing list archives

Intrusion Help !!


From: Russell.Butturini at Healthways.com (Butturini, Russell)
Date: Mon, 26 Apr 2010 11:19:38 -0500

What kind of perimeter equipment are you using? Cisco? If URPF is detecting it and you have URPF enabled on your 
firewall then it should just be dropping the packet.  You can also specify fragment chain lengths.  Good luck tracking 
him down though; they're tough to find.

From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael 
Allen
Sent: Monday, April 26, 2010 11:07 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Intrusion Help !!


106020: Deny IP teardrop fragment (size = 552, offset = 0) from source ip to destination ip

Description: "Someone is attempting to spoof an IP address on an inbound connection. Unicast Reverse Path Forwarding, 
also known as reverse route lookup, detected a packet that does not have a source address represented by a route and 
assumes it to be part of an attack on your PIX Firewall."

I received several of these alerts recently and noticed that it brought the network to a halt. How do I track the guy 
behind this? The guy seems to be hopping all over the place.
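
One way to triage a burst of these alerts, as an added example that is not part of the original thread: it parses 106020 lines and measures how widely the source addresses are spread, which indicates whether the source field is a usable lead at all. The timestamp and hostname prefix, the sample lines, the documentation-range addresses, and the `min_events` and `spread_threshold` heuristics are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not from the original post). The timestamp and
# hostname prefix are an assumed syslog layout; addresses are RFC 5737
# documentation ranges.
MSG = "Deny IP teardrop fragment (size = 552, offset = 0)"
SAMPLE_LOG = f"""\
Apr 26 2010 10:58:01 fw1 : %PIX-2-106020: {MSG} from 198.51.100.7 to 192.0.2.10
Apr 26 2010 10:58:02 fw1 : %PIX-2-106020: {MSG} from 203.0.113.45 to 192.0.2.10
Apr 26 2010 10:58:02 fw1 : %PIX-2-106020: {MSG} from 198.51.100.201 to 192.0.2.10
Apr 26 2010 10:58:03 fw1 : %PIX-6-000000: unrelated message (constructed)
Apr 26 2010 10:58:40 fw1 : %PIX-2-106020: {MSG} from 203.0.113.9 to 192.0.2.10
Apr 26 2010 10:59:05 fw1 : %PIX-2-106020: {MSG} from 198.51.100.7 to 192.0.2.25
Apr 26 2010 10:59:06 fw1 : %PIX-2-106020: {MSG} from 203.0.113.77 to 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<minute>\w{3} +\d+ \d{4} \d\d:\d\d):\d\d .*?"
    r"%(?:PIX|ASA)-\d-106020: Deny IP teardrop fragment "
    r"\(size = (?P<size>\d+), offset = (?P<offset>\d+)\) "
    r"from (?P<src>\S+) to (?P<dst>\S+)"
)

def summarize(log_text, min_events=5, spread_threshold=0.8):
    """Aggregate 106020 denies by source, target, minute and fragment shape."""
    events = [m.groupdict() for line in log_text.splitlines()
              if (m := LINE_RE.search(line))]
    sources = Counter(e["src"] for e in events)
    targets = Counter(e["dst"] for e in events)
    minutes = Counter(e["minute"] for e in events)
    shapes = Counter((int(e["size"]), int(e["offset"])) for e in events)
    spread = len(sources) / len(events) if events else 0.0
    return {
        "events": len(events),
        "distinct_sources": len(sources),
        "top_target": targets.most_common(1)[0] if targets else None,
        "peak_minute": minutes.most_common(1)[0] if minutes else None,
        "fragment_shapes": dict(shapes),
        # Close to one source per event: the source field is probably forged,
        # so per-source counts are a poor lead for attribution.
        "sources_look_spoofed": len(events) >= min_events
                                and spread >= spread_threshold,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```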


