Security Incidents: Re: Ip spoof from 0.0.0.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Ip spoof from 0.0.0.0

From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Wed, 6 Nov 2002 01:34:51 +0100 (CET)

On Mon, 4 Nov 2002, Ingersoll, Jared wrote:

Nov  1 01:42:44 2U:10.1.1.1 Nov 01 2002 01:50:32: %PIX-2-106016: Deny IP
spoof from (0.0.0.0) to x.x.x.5


We're seeing them too, since Nov 1 03:30 GMT, approx. 150 per a day.
TCP SYNs to port 445 on different IPs. An interesting detail is that all
of them have IP ID == 256. TTL appears to vary between 108 and 113.

--Pavel Kankovsky aka Peak
"Welcome to the Czech Republic. Bring your own lifeboats."



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 04)
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
  - Message not available
    - Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
    - Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
  - RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
    - RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- <Possible follow-ups>
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)