[23801] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (John Leong)
Fri Apr 23 21:03:25 1999
Date: Fri, 23 Apr 1999 18:04:22 -0700
From: John Leong <johnleong@research.bell-labs.com>
To: Randy Bush <randy@psg.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
>> but the uglier symptoms are packets from my own address space
>>
>> deny ip 147.28.0.0 0.0.255.255 any (6 matches)
>
> I have vague memory of an old attack using ping with source address
> equal to broadcast address of the target net.
That is over and above TCP connection hijacking, server attacks with
half openned TCP connections and such fumy things. On the other hand,
given you seem to have only 6 incidences, looks more like screw up than
real attack.
Regards,
John Leong
--
---------------------------------------------------------
Bell Labs Research johnleong@research.bell-labs.com
4995 Patrick Henry Dr. Tel: 408-567-4459
Santa Clara, CA 95054 Fax: 408-567-4448
