Security Incidents: RE: Ip spoof from 0.0.0.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: Ip spoof from 0.0.0.0

From: Russell Fulton <r.fulton () auckland ac nz>
Date: 08 Nov 2002 09:44:17 +1300

On Thu, 2002-11-07 at 13:29, Omar Herrera wrote:

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems that something similar has been discussed before:
http://archives.neohapsis.com/archives/iss/2000-q1/0461.html


but this is not a SYN flood, or even a SYN trickle.  It is one or two
packets per hour targeted at individual addresses in the low half of a
/24.

Yes, I saw one of these yesterday in a /24 that I monitor.  Have not
seen anything in our main address block yet.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Re: Ip spoof from 0.0.0.0, (continued)
- Re: Ip spoof from 0.0.0.0 Olaf Schreck (Nov 04)
  - Message not available
    - Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 05)
    - Re: Ip spoof from 0.0.0.0 Crist J. Clark (Nov 06)
- Re: Ip spoof from 0.0.0.0 Pavel Kankovsky (Nov 06)
  - RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
    - RE: Ip spoof from 0.0.0.0 Russell Fulton (Nov 07)
- RE: Ip spoof from 0.0.0.0 Omar Herrera (Nov 07)
- Re: Ip spoof from 0.0.0.0 Mike Maxwell (Nov 09)
- Re: Ip spoof from 0.0.0.0 Frank Cheong (Nov 06)
  - Re: Ip spoof from 0.0.0.0 Mike Lewinski (Nov 06)
  - Re: Ip spoof from 0.0.0.0 Paul Gillingwater (Nov 06)