PaulDotCom mailing list archives
Intrusion Help !!
From: Russell.Butturini at Healthways.com (Butturini, Russell)
Date: Mon, 26 Apr 2010 11:19:38 -0500
What kind of perimeter equipment are you using? Cisco? If URPF is detecting it and you have URPF enabled on your firewall then it should just be dropping the packet. You can also specify fragment chain lengths. Good luck tracking him down though; they're tough to find.

From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael Allen
Sent: Monday, April 26, 2010 11:07 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Intrusion Help !!

106020: Deny IP teardrop fragment (size = 552, offset = 0) from source ip to destination ip

Description: "Someone is attempting to spoof an IP address on an inbound connection. Unicast Reverse Path Forwarding, also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes it to be part of an attack on your PIX Firewall."

I received several of these alerts recently and noticed that it brought the network to a halt. How do I track the guy behind this? The guy seems to be hopping all over the place.
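A triage sketch for the 106020 alerts discussed in this thread, added here as an example and not part of either poster's message: it groups teardrop denies by destination and flags targets where nearly every hit has a different source, which is consistent with forged source addresses. The log lines, the syslog prefix, the function names and the thresholds are constructed assumptions; only the message body format comes from the post.

```python
import re
from collections import defaultdict

# Message body format as quoted in the post (PIX message 106020).
TEARDROP = re.compile(
    r"106020: Deny IP teardrop fragment \(size = (\d+), offset = (\d+)\) "
    r"from (\S+) to (\S+)"
)

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
Apr 26 10:58:01 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 192.0.2.10 to 203.0.113.5
Apr 26 10:58:01 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 198.51.100.77 to 203.0.113.5
Apr 26 10:58:02 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 192.0.2.201 to 203.0.113.5
Apr 26 10:58:02 fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/4021 dst inside:203.0.113.5/80 by access-group "outside_in"
Apr 26 10:58:03 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 198.51.100.3 to 203.0.113.5
Apr 26 10:58:03 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 192.0.2.10 to 203.0.113.5
Apr 26 11:02:10 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 198.51.100.50 to 203.0.113.9
Apr 26 11:02:11 fw %PIX-2-106020: Deny IP teardrop fragment (size = 552, offset = 0) from 198.51.100.50 to 203.0.113.9
"""


def summarize(log_text):
    """Group teardrop denies by destination: hit count and distinct sources."""
    by_dst = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        m = TEARDROP.search(line)
        if not m:
            continue  # other message IDs are ignored
        _size, _offset, src, dst = m.groups()
        by_dst[dst]["hits"] += 1
        by_dst[dst]["sources"].add(src)
    return dict(by_dst)


def likely_spoofed(entry, min_hits=4, ratio=0.75):
    """Heuristic (assumed thresholds): mostly-unique sources suggest forged
    addresses, so per-source blocks or traceback by IP will not help."""
    return (entry["hits"] >= min_hits
            and len(entry["sources"]) / entry["hits"] >= ratio)


if __name__ == "__main__":
    for dst, entry in summarize(SAMPLE_LOG).items():
        print(dst, entry["hits"], len(entry["sources"]), likely_spoofed(entry))
```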