[23773] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (Randy Bush)
Thu Apr 22 21:34:57 1999
Date: Thu, 22 Apr 1999 18:33:24 -0700 (PDT)
From: Randy Bush <randy@psg.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
everybody seems to be focussed on the 1918 space packets and the
explanations seem half reasonable. as Daniel Senie <dts@senie.com> said,
the rules of the road say i should not be seeing packets from 1918 space.
i.e. at best these come from broken places.
but the uglier symptoms are packets from my own address space
deny ip 147.28.0.0 0.0.255.255 any (6 matches)
the loopback network
deny ip 127.0.0.0 0.255.255.255 any (375 matches)
and attempts on 111 and 2049
deny udp any any eq sunrpc (9 matches)
deny tcp any any eq 2049 (494 matches)
randy
