RE: [fw-wiz] Wayyy too many spoofed packets

From: Chris de Vidal (
Date: 11/22/03

  • Next message: Bill Royds: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
    To: "Jeroen De Corel" <>
    Date: Fri, 21 Nov 2003 19:13:58 -0500 (EST)

    Jeroen De Corel said:
    > What do you mean with packets claiming to be your ip address: a public ip
    > address on the internal network?

    I mean this:
    Network ------------------------ eth0

    Packet (from -----> eth0 (should not ever happen, but
    happened 144 times yesterday out of millions of packets)

    > You wouldn't happen to be running vmware in the background, would you?


    Someone on this list explained that this is probably happening:
    eth0 --> Packet from to --> network
    eth0 <----------------------------------------------------+
    (listening to all traffic destined for

    So I'm probably getting my own broadcast traffic back. But I wasn't
    expecting that :-)

    The solution is to not flag broadcast packets with my IP coming in. I
    think I can add ! -s to my rule.

    Thanks for the help!
    firewall-wizards mailing list
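An added example, not part of the original message or the list archive: one way to triage the anti-spoofing hits described above, separating the host's own broadcasts echoed back on eth0 from packets that claim its address in unicast traffic. The addresses, log prefix and log lines are constructed for illustration (documentation range 192.0.2.0/24), and the lines assume the key=value layout written by the netfilter LOG target.

```python
import ipaddress
import re

# Constructed values (assumptions, not from the post): documentation-range addressing.
OWN_IFACE = ipaddress.ip_interface("192.0.2.10/24")
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed log lines in the netfilter LOG target's key=value layout.
SAMPLE_LOG = """\
Nov 21 10:00:01 fw kernel: SPOOF? IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.0.2.10 DST=192.0.2.255 LEN=229 TTL=64 PROTO=UDP SPT=138 DPT=138
Nov 21 10:00:07 fw kernel: SPOOF? IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=192.0.2.10 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=4444 DPT=22
Nov 21 10:00:09 fw kernel: SPOOF? IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.0.2.10 DST=255.255.255.255 LEN=328 TTL=64 PROTO=UDP SPT=68 DPT=67
Nov 21 10:00:12 fw kernel: ACCEPT IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=5000 DPT=22
"""

def is_broadcast(dst, iface=OWN_IFACE):
    """True for the limited broadcast or the subnet's directed broadcast."""
    addr = ipaddress.ip_address(dst)
    return addr == iface.network.broadcast_address or str(addr) == "255.255.255.255"

def classify(line, iface=OWN_IFACE, in_if="eth0"):
    """Return 'own-broadcast', 'spoofed', or None when the line does not apply."""
    f = dict(FIELD.findall(line))
    if f.get("IN") != in_if or "SRC" not in f or "DST" not in f:
        return None
    if ipaddress.ip_address(f["SRC"]) != iface.ip:
        return None  # source is not our own address, so not an anti-spoof hit
    return "own-broadcast" if is_broadcast(f["DST"], iface) else "spoofed"

def triage(log_text):
    """Count both verdicts and keep the lines that still look spoofed."""
    counts = {"own-broadcast": 0, "spoofed": 0}
    flagged = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            counts[verdict] += 1
            if verdict == "spoofed":
                flagged.append(line)
    return counts, flagged

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Only the lines left in the flagged list still warrant an anti-spoofing alert once the broadcast echoes are excluded.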
