Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: Frank Cheong <chocobofrank () hotmail com>
Date: 6 Nov 2002 09:37:52 -0000
In-Reply-To: <B1E4D3274D57D411BE8400D0B783FF320145C491 () exchange1 cswv com> o yes, I also get these kind of attack these few days while some of them leaving a MAC Address 00.30.B6.D0.3C.EC so what can I do to stop these attack now ? As all I got is only a MAC address. Pls find below abstract from my the firewall log (Destination IP Address has been masked intentionally). 11/01/2002 18:59:48.560 - IP spoof detected - Source:0.0.0.0, 3004, WAN - Destination:A.B.C.110, 445, LAN - MAC address: 00.D0.BC.EC.E9.98 - 11/01/2002 22:38:15.304 - IP spoof detected - Source:0.0.0.0, 3909, WAN - Destination:A.B.C.103, 445, LAN - MAC address: 00.D0.BC.EC.E9.98 - 11/02/2002 17:45:31.064 - IP spoof detected - Source:0.0.0.0, 3004, WAN - Destination:A.B.C.110, 445, LAN - MAC address: 00.D0.BC.EC.E9.98 - 11/02/2002 18:10:00.080 - IP spoof detected - Source:0.0.0.0, 3020, WAN - Destination:A.B.C.106, 445, LAN - MAC address: 00.30.B6.D0.3C.EC - 11/03/2002 04:22:48.704 - IP spoof detected - Source:0.0.0.0, 2874, WAN - Destination:A.B.C.106, 445, LAN - MAC address: 00.30.B6.D0.3C.EC - 11/04/2002 16:17:50.528 - IP spoof detected - Source:0.0.0.0, 2808, WAN - Destination:A.B.C.104, 445, LAN - MAC address: 00.D0.BC.EC.E9.98 - 11/04/2002 19:51:56.672 - IP spoof detected - Source:0.0.0.0, 3000, WAN - Destination:A.B.C.111, 445, LAN - MAC address: 00.30.B6.D0.3C.EC - 11/04/2002 21:18:56.608 - IP spoof detected - Source:0.0.0.0, 2743, WAN - Destination:A.B.C.102, 445, LAN - MAC address: 00.30.B6.D0.3C.EC - 11/05/2002 16:36:26.464 - IP spoof detected - Source:0.0.0.0, 4040, WAN - Destination:A.B.C.107, 445, LAN - MAC address: 00.30.B6.D0.3C.EC - 11/05/2002 17:25:23.352 - IP spoof detected - Source:0.0.0.0, 1098, WAN - Destination:A.B.C.111, 445, LAN - MAC address: 00.30.B6.D0.3C.EC - Frank ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 04)
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
- Message not available
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
- Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- Message not available
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- <Possible follow-ups>
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
- Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
- Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
- Re: Ip spoof from 0.0.0.0 batz (Nov 07)
- Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)