Firewall Wizards: Re: Wayyy too many spoofed packets

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: Wayyy too many spoofed packets

From: "Chris de Vidal" <chris () devidal tv>
Date: Fri, 21 Nov 2003 15:40:02 -0500 (EST)

Paul Robertson said:

It's probably just weird broadcast handling, since once your workstation
puts the packets out on the wire, and the destination is broadcast, it's
obligated to accept them off the wire so that an application can handle
them.


Ahh, now that makes sense.  The packet is being broadcast and the sending
interface is also the recieving interface and I get a match.

I'll see if I can add broadcast ignoring to that spoof protection.

Thanks!
/dev/idal
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
  - Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- Message not available
  - RE: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Mikael Olsson (Nov 21)
- <Possible follow-ups>
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
  - Re: Wayyy too many spoofed packets Frank Knobbe (Nov 21)
- RE: Re: Wayyy too many spoofed packets Bill Royds (Nov 21)