Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: Mike Lewinski <mike () rockynet com>
Date: Wed, 06 Nov 2002 11:05:46 -0700
Frank Cheong wrote:
In-Reply-To: o yes, I also get these kind of attack these few days while some of them leaving a MAC Address 00.30.B6.D0.3C.EC so what can I do to stop these attack now ? As all I got is only a MAC address.
Your pix already stopped it. That MAC address is whatever device your pix is connected to on the outside interface (if not, then a source of what everyone else here is seeing is on your DMZ!).
You can only see local MAC addresses, due to the nature of how layer2 <-> layer3 conversions work.
If you don't want the pix to drop the traffic, create an acl on your upstream router and block at the edge, or ask your ISP to do the same per:
http://www.cymru.com/Documents/secure-ios-template.html Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 04)
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
- Message not available
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
- Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- Message not available
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- <Possible follow-ups>
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
- Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
- Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
- Re: Ip spoof from 0.0.0.0 batz (Nov 07)
- Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)