Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Bogus DNS traffic

From: "Christopher L. Morrow" <chris () UU NET>
Date: Thu, 23 Oct 2003 15:49:16 +0000 (GMT)

On Wed, 22 Oct 2003, David Gillett wrote:


  The malformation looks like a match.  Since I'd only seen one
random packet from each of a bunch of random source addresses,
I was assuming the source was probably spoofed; this sounds like
it might not be.
  (The MAC address that I reported as an internal server turns
out to be the nearest internal ROUTER.  So I don't know if the
origin is internal to our network after all.)



MAC addresses are always local, their significance is lost beyond the
subnet boundary.

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: