Re: [fw-wiz] Wayyy too many spoofed packets

From: Chris de Vidal (chris_at_devidal.tv)
Date: 11/21/03

  • Next message: Maria Wing: "[fw-wiz] Private IP going outside of the firewall"
    To: "Paul Robertson" <proberts@patriot.net>
    Date: Fri, 21 Nov 2003 15:40:02 -0500 (EST)
    
    

    Paul Robertson said:
    > It's probably just weird broadcast handling, since once your workstation
    > puts the packets out on the wire, and the destination is broadcast, it's
    > obligated to accept them off the wire so that an application can handle
    > them.

    Ahh, now that makes sense. The packet is being broadcast and the sending
    interface is also the recieving interface and I get a match.

    I'll see if I can add broadcast ignoring to that spoof protection.

    Thanks!
    /dev/idal
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Maria Wing: "[fw-wiz] Private IP going outside of the firewall"

    Relevant Pages

    • Re: spoofing ip as broadcast
      ... A subnet broadcast is sent out to the MAC address ff:ff:ff:ff:ff:ff ... only hosts in the same subnet will pay attention to the packet; ... As far out as practical that you can arrange, you should filter packets ...
      (comp.security.misc)
    • Re: spoofing ip as broadcast
      ... A subnet broadcast is sent out to the MAC address ff:ff:ff:ff:ff:ff ... only hosts in the same subnet will pay attention to the packet; ... As far out as practical that you can arrange, you should filter packets ...
      (comp.security.misc)
    • Re: Should I configure a firewall to allow multicast?
      ... Even says so right here - 192.168.1.255 is the broadcast address. ... packets to multiple clients who have _requested_ to receive them. ... Obviously the entire network address range would be blocked ... attempting to look up the name of the _client_ for the logs. ...
      (comp.security.firewalls)
    • Re: spoofing ip as broadcast
      ... :There's an attack for win9x machines wherein the hacker spoofs another users ... :IP so as to cause all those on the same network to consider that IP as a "broadcast" ... What would make sense as an attack would be to spoof someone else's ... I got a flood of packets from just about every imaginable ...
      (comp.security.firewalls)
    • Re: spoofing ip as broadcast
      ... :There's an attack for win9x machines wherein the hacker spoofs another users ... :IP so as to cause all those on the same network to consider that IP as a "broadcast" ... What would make sense as an attack would be to spoof someone else's ... I got a flood of packets from just about every imaginable ...
      (comp.security.firewalls)