Security Incidents mailing list archives

Re: Ip spoof from 0.0.0.0

From: Frank Cheong <chocobofrank () hotmail com>
Date: 6 Nov 2002 09:37:52 -0000

In-Reply-To: <B1E4D3274D57D411BE8400D0B783FF320145C491 () exchange1 cswv com>

o yes, I also get these kind of attack these few days while some of them 
leaving a MAC Address 00.30.B6.D0.3C.EC so what can I do to stop these 
attack now ? As all I got is only a MAC address.

Pls find below abstract from my the firewall log (Destination IP Address 
has been masked intentionally).

11/01/2002 18:59:48.560 -     IP spoof detected -     Source:0.0.0.0, 
3004, WAN -     Destination:A.B.C.110, 445, LAN -     MAC address: 
00.D0.BC.EC.E9.98 -     
11/01/2002 22:38:15.304 -     IP spoof detected -     Source:0.0.0.0, 
3909, WAN -     Destination:A.B.C.103, 445, LAN -     MAC address: 
00.D0.BC.EC.E9.98 -     
11/02/2002 17:45:31.064 -     IP spoof detected -     Source:0.0.0.0, 
3004, WAN -     Destination:A.B.C.110, 445, LAN -     MAC address: 
00.D0.BC.EC.E9.98 -     
11/02/2002 18:10:00.080 -     IP spoof detected -     Source:0.0.0.0, 
3020, WAN -     Destination:A.B.C.106, 445, LAN -     MAC address: 
00.30.B6.D0.3C.EC -     
11/03/2002 04:22:48.704 -     IP spoof detected -     Source:0.0.0.0, 
2874, WAN -     Destination:A.B.C.106, 445, LAN -     MAC address: 
00.30.B6.D0.3C.EC -     
11/04/2002 16:17:50.528 -     IP spoof detected -     Source:0.0.0.0, 
2808, WAN -     Destination:A.B.C.104, 445, LAN -     MAC address: 
00.D0.BC.EC.E9.98 -     
11/04/2002 19:51:56.672 -     IP spoof detected -     Source:0.0.0.0, 
3000, WAN -     Destination:A.B.C.111, 445, LAN -     MAC address: 
00.30.B6.D0.3C.EC -     
11/04/2002 21:18:56.608 -     IP spoof detected -     Source:0.0.0.0, 
2743, WAN -     Destination:A.B.C.102, 445, LAN -     MAC address: 
00.30.B6.D0.3C.EC -     
11/05/2002 16:36:26.464 -     IP spoof detected -     Source:0.0.0.0, 
4040, WAN -     Destination:A.B.C.107, 445, LAN -     MAC address: 
00.30.B6.D0.3C.EC -     
11/05/2002 17:25:23.352 -     IP spoof detected -     Source:0.0.0.0, 
1098, WAN -     Destination:A.B.C.111, 445, LAN -     MAC address: 
00.30.B6.D0.3C.EC -     

Frank

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 04)
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
  - Message not available
    - Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
    - Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
  - RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
    - RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- <Possible follow-ups>
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
  - Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
  - Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
    - Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
    - Re: Ip spoof from 0.0.0.0 batz (Nov 07)
    - Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)
- Re: Ip spoof from 0.0.0.0 David Gillett (Nov 08)
- Re: Ip spoof from 0.0.0.0 Hernan Otero (Nov 08)
- RE: Ip spoof from 0.0.0.0 Onsite West Houston (Nov 11)
- RE: Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 11)
- RE: Ip spoof from 0.0.0.0 Steenbergen, Dennis, Contractor (Nov 12)