|
Security Incidents
mailing list archives
Re: Ip spoof from 0.0.0.0
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 7 Nov 2002 17:03:57 -0800
I too caught a whiff of this.
But what's somewhat more worrying is that in the
last week I've also seen probes of port 445 from 3
other addresses:
1. 1 packet with an IP source address that appears
to put it in China.
2. half a dozen with the (spoofed) origin address of
a Cisco router on the edge of my network.
3. several dozen with the (spoofed) origin address of
an Alcatel router at the core of my network. Packets
with this origin address would have been blocked by
anti-spoofing rules at my border if they were coming
from outside my network.
Conclusion, then, is that I have a source for this
traffic somewhere inside my network.
Any hints what this traffic is really trying to do
or what causes it?
David Gillett
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Re: Ip spoof from 0.0.0.0, (continued)
Re: Ip spoof from 0.0.0.0 David Gillett (Nov 08)
Re: Ip spoof from 0.0.0.0 Hernan Otero (Nov 08)
RE: Ip spoof from 0.0.0.0 Onsite West Houston (Nov 11)
RE: Ip spoof from 0.0.0.0 Ingersoll, Jared (Nov 11)
RE: Ip spoof from 0.0.0.0 Steenbergen, Dennis, Contractor (Nov 12)
|
Intro
