[2789] in bugtraq
Re: nuke
daemon@ATHENA.MIT.EDU (Rowan Smith)
Mon Jun 24 12:07:17 1996
Date: Mon, 24 Jun 1996 19:11:14 +1200
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Rowan Smith <rowan@iconz.co.nz>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199606212123.RAA09399@narq.avian.org>
On Fri, 21 Jun 1996, *Hobbit* wrote:
> Why the people running IRC servers are allowing "their-own-net" spoofed
Well we don't. I had a look at a packet dump one day using etherfind,
I unfortunately don't know enough about IP to explain this properly but
there were two parts to the packet, the ICMP part and the IP part.
The IP part had a fake SRC address that was NOT in our network, the ICMP
part had a SRC address (and Destination Address) that was in our Network.
We have configured the Ciscos to drop any packets with a SRC address that
is within our local network at the gateway, my guess is that the Ciscos
are not looking at the Second set of IP addresses.
Like I said I don't know enough about it, my solution was simple, I droped
all ICMP destined for Auckland.NZ.Undernet.ORG, but its not the solution I
really had wanted.
-Rowan
