RE: Re: [fw-wiz] Wayyy too many spoofed packets
From: Frank Knobbe (frank_at_knobbe.us)
Date: 11/22/03
- Previous message: Chris de Vidal: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
- In reply to: Chris de Vidal: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
- Next in thread: Daniel Linder: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Chris de Vidal <chris@devidal.tv> Date: Fri, 21 Nov 2003 23:03:12 -0600
On Fri, 2003-11-21 at 22:52, Chris de Vidal wrote:
> So why do I see so many inbound packets from the network coming through
> eth0 with my IP? The only explaination that makes sense is a router
> somewhere rebroadcasting packets...
Those are packets FROM your IP for the network. They're not spoofed,
your box sends them to the network.
+-------+ +----+
|You Box|---|eth0|---> network
+-------+ +----+
172.19.2.200 -> 172.19.255.255
netfilter logs that packet that is trying to leave your box. There is no
spoofed packets.
If you turn your box off, and use a different machine with tcpdump,
sniff the traffic and STILL capture packets with the turned off IP
address, then I believe you have spoofed packets floating around :)
Until then, the way I see your description is that you are
logging/blocking VALID packets FROM your box to the network.
Regards,
Frank
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Chris de Vidal: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
- In reply to: Chris de Vidal: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
- Next in thread: Daniel Linder: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
