Security Incidents mailing list archives

Re: Odd entries in my Security Router logs


From: Valdis.Kletnieks () vt edu
Date: Thu, 12 Dec 2002 12:09:38 -0500

On Wed, 11 Dec 2002 12:59:12 PST, David Gillett <gillettdavid () fhda edu>  said:

  Reality, therefore, is that packets from these source 
addresses are seen on the public Internet, and that any
router/firewall/gateway at a security perimeter should
drop them.

Close to 30% of the traffic at the root nameservers has sources in RFC1918
space.  This indicates:

1) A lot of systems behind a NAT have broken configurations causing DNS
lookups.

2) The NAT itself is broken allowing the 1918 address to escape.

3) The ISP isn't filtering.

There's a *lot* of stupid configuration out there.
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
