Security Incidents mailing list archives
Re: Odd entries in my Security Router logs
From: Valdis.Kletnieks () vt edu
Date: Thu, 12 Dec 2002 12:09:38 -0500
On Wed, 11 Dec 2002 12:59:12 PST, David Gillett <gillettdavid () fhda edu> said:
> Reality, therefore, is that packets from these source addresses are seen on the public Internet, and that any router/firewall/gateway at a security perimeter should drop them.
Close to 30% of the traffic at the root nameservers has sources in RFC1918 space. This indicates:

1) A lot of systems behind a NAT have broken configurations causing DNS lookups.
2) The NAT itself is broken allowing the 1918 address to escape.
3) The ISP isn't filtering.

There's a *lot* of stupid configuration out there.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
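The two checks discussed in this message, as an added example that is not part of the original post: flag RFC1918 sources arriving on the external interface (the perimeter drop) and RFC1918 sources leaving it (the NAT leak). The log format, the interface name `wan0` and the sample lines are constructed assumptions, not any router's real syntax.

```python
import ipaddress
import re

# RFC 1918 private ranges named in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format (an assumption, not a vendor's syntax):
#   <iface> <IN|OUT> SRC=<ip> DST=<ip> DPT=<port>
LINE_RE = re.compile(
    r"^(?P<iface>\S+) (?P<dir>IN|OUT) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$")

# Constructed sample lines; 172.32.0.1 sits just outside 172.16.0.0/12.
SAMPLE_LOG = """\
wan0 IN SRC=192.168.1.44 DST=198.51.100.7 DPT=445
wan0 IN SRC=203.0.113.9 DST=198.51.100.7 DPT=25
wan0 OUT SRC=10.20.30.40 DST=192.0.2.53 DPT=53
wan0 OUT SRC=198.51.100.7 DST=192.0.2.53 DPT=53
wan0 IN SRC=172.32.0.1 DST=198.51.100.7 DPT=80
garbled line
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in RFC1918)

def audit(log_text, external_iface="wan0"):
    """Return (ingress_private, egress_leaks, unparsed) for the external interface."""
    ingress, egress, unparsed = [], [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        if m["iface"] != external_iface:
            continue
        try:
            private_src = is_rfc1918(m["src"])
        except ValueError:
            unparsed.append(line)
            continue
        if private_src and m["dir"] == "IN":
            ingress.append(m["src"])  # should be dropped at the perimeter
        elif private_src and m["dir"] == "OUT":
            egress.append((m["src"], m["dst"], int(m["dpt"])))  # escaped the NAT
    return ingress, egress, unparsed

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```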