Snort mailing list archives
Re: IP spoofing
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 07 Oct 2004 17:52:39 -0400
At 03:01 PM 10/7/2004, Aguiar Magalhaes wrote:
> I'm receiving a lot of PING NMAP alerts... The source IPs are spoofed. How can I know the true source IP of these attacks?
Correction: how can you know the true source of these packets. To characterize them as attacks is incorrect. You're not being attacked, you're being probed, and such probes can be legitimate, or not. They clearly aren't gaining access to your servers this way, or disabling your network, so it's not an attack.
The packets will have to be tracked back to their source on a router-by-router basis. Once you track it back to your internet connection your options are quite limited. Unless it's very serious, it's a lot of work and you're not likely to get that much help from all the internet backbone operators to track down something as trivial as the source of an ICMP ping packet. If you were facing a sustained DOS flood of them, maybe, but less than 10,000 per hour, no.