Security Incidents: Re: Ip spoof from 0.0.0.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Ip spoof from 0.0.0.0

From: Mike Lewinski <mike () rockynet com>
Date: Wed, 06 Nov 2002 11:05:46 -0700

Frank Cheong wrote:

In-Reply-To:

o yes, I also get these kind of attack these few days while some of them

leaving a MAC Address 00.30.B6.D0.3C.EC so what can I do to stop these

attack now ? As all I got is only a MAC address.

Your pix already stopped it. That MAC address is whatever device yourpix is connected to on the outside interface (if not, then a source ofwhat everyone else here is seeing is on your DMZ!).

You can only see local MAC addresses, due to the nature of how layer2<-> layer3 conversions work.

If you don't want the pix to drop the traffic, create an acl on yourupstream router and block at the edge, or ask your ISP to do the same per:


http://www.cymru.com/Documents/secure-ios-template.html

Mike



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

RE: Ip spoof from 0.0.0.0, (continued)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
  - Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
  - Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)
    - Re: Ip spoof from 0.0.0.0 Nexus (Nov 07)
    - Re: Ip spoof from 0.0.0.0 batz (Nov 07)
    - Re: Ip spoof from 0.0.0.0 Jason Robertson (Nov 08)
- Re: Ip spoof from 0.0.0.0 David Gillett (Nov 08)