|
Security Incidents
mailing list archives
Re: Ip spoof from 0.0.0.0
From: "Jason Robertson" <jason () ifuture com>
Date: Thu, 07 Nov 2002 22:16:46 -0500
For all of you who want the list of bogus IP's
http://www.cymru.com/Documents/bogon-list.html
As for 0.0.0.0, it is used for DHCP, but it shouldn't go beyond your
gateway, or anyone elses.
Also the addressing is usually 0.0.0.0 -> 255.255.255.255 67
At least on our network at work...
On 6 Nov 2002 at 23:53, Nexus wrote:
From: "Nexus" <nexus () patrol i-way co uk>
To: "Frank Cheong" <chocobofrank () hotmail com>,
"Paul Gillingwater" <paul () lanifex com>
Copies to: <incidents () securityfocus com>
Subject: Re: Ip spoof from 0.0.0.0
Date sent: Wed, 6 Nov 2002 23:53:10 -0000
----- Original Message -----
From: "Paul Gillingwater" <paul () lanifex com>
To: "Frank Cheong" <chocobofrank () hotmail com>
Cc: <incidents () securityfocus com>
Sent: Wednesday, November 06, 2002 7:08 PM
Subject: Re: Ip spoof from 0.0.0.0
[snip]
your router, not the remote attacker. The best you could do is ask your
upstream ISP to filter outgoing traffic to drop IP packets with invalid
source addresses like 0.0.0.0.
[snip]
Good advice, also good luck ;-)
Try (tcp)tracerouting to RFC1918 addresses or IANA reserved netblocks
through ISP's - quite scary how far you get sometimes before somebody with
clue > 0 has been at the router configs and it gets dropped...
Cheers.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
--
Jason Robertson
Now at the Nation Research Council.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
|
Intro
