[147780] in North American Network Operators' Group
Re: Any tools to help network security
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Dec 21 16:16:38 2011
In-Reply-To: <4EF22F8C.8090008@tiggee.com>
Date: Wed, 21 Dec 2011 16:15:34 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: David Miller <dmiller@tiggee.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Dec 21, 2011 at 2:12 PM, David Miller <dmiller@tiggee.com> wrote:
> On 12/21/2011 2:03 PM, sthaug@nethelp.no wrote:
>>>
>>> We discover there are so many (source) ip not belonging to our network
>>> to go to outside.
>>>
>>> We can block it but don't know how to locate the source.
>>>
>>> Any tools can be easily found out.
>>
>> http://lmgtfy.com/?q=3Dunicast+rpf
>>
>> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>>
>
> Also - http://lmgtfy.com/?q=3Dtracing+spoofed+source+on+network
>
> Which get you to some strategies for finding the source(s) on your networ=
k
> (which I believe was the OP's question). =A0Including:
> =A0http://www.csm.ornl.gov/~dunigan/oci/bktrk.html
> =A0http://www.cymru.com/Documents/tracking-spoofed.html
also, of course netflow... which I think Deric has asked about in the past?
