[21516] in North American Network Operators' Group
Re: Exodus / Clue problems
daemon@ATHENA.MIT.EDU (Jeff Carneal)
Mon Nov 16 11:16:46 1998
Date: Sun, 15 Nov 1998 22:34:53 -0600 (CST)
From: Jeff Carneal <jeff@apex.net>
To: TTSG <ttsg@ttsg.com>
cc: James McKenzie <mcs@1ipnet.net>, nanog@merit.edu, asr@millburn.net
In-Reply-To: <199811160354.WAA32611@heimdall.ttsg.com>
On Sun, 15 Nov 1998, TTSG wrote:
> > removed from the network by request of the owner of the box.
>
> b) WAS the origination actually the box as people have claimed, or
> was it spoofed?
I seriously doubt it was spoofed as mentioned before because the attacker
was going after _TCP_ ports on a wide spectrum of machine types. Unless
he recently found a bug in every OS that allows IP blind spoofing (ISN
generation bugs?), it just about had to be the real address.
--
Jeff Carneal - Sys Admin - Apex Internet
jeff@apex.net http://www.apex.net (502) 442-5363
The opinions expressed above aren't really mine.
They belong to someone else who also refuses to
take responsibility for them.
