Security Incidents mailing list archives
Re: Ip spoof from 0.0.0.0
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 7 Nov 2002 17:03:57 -0800
I too caught a whiff of this. But what's somewhat more worrying is that in the last week I've also seen probes of port 445 from 3 other addresses: 1. 1 packet with an IP source address that appears to put it in China. 2. half a dozen with the (spoofed) origin address of a Cisco router on the edge of my network. 3. several dozen with the (spoofed) origin address of an Alcatel router at the core of my network. Packets with this origin address would have been blocked by anti-spoofing rules at my border if they were coming from outside my network. Conclusion, then, is that I have a source for this traffic somewhere inside my network. Any hints what this traffic is really trying to do or what causes it? David Gillett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Ip spoof from 0.0.0.0, (continued)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
- Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
- Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
- Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
- Re: Ip spoof from 0.0.0.0 batz (Nov 07)
- Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)
- Re: Ip spoof from 0.0.0.0 David Gillett (Nov 08)
- Re: Ip spoof from 0.0.0.0 Hernan Otero (Nov 08)
- RE: Ip spoof from 0.0.0.0 Onsite West Houston (Nov 11)
- RE: Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 11)
- RE: Ip spoof from 0.0.0.0 Steenbergen, Dennis, Contractor (Nov 12)