RE: Re: [fw-wiz] Wayyy too many spoofed packets
From: Frank Knobbe (frank_at_knobbe.us)
To: Chris de Vidal <firstname.lastname@example.org> Date: Fri, 21 Nov 2003 23:03:12 -0600
On Fri, 2003-11-21 at 22:52, Chris de Vidal wrote:
> So why do I see so many inbound packets from the network coming through
> eth0 with my IP? The only explaination that makes sense is a router
> somewhere rebroadcasting packets...
Those are packets FROM your IP for the network. They're not spoofed,
your box sends them to the network.
|You Box|---|eth0|---> network
172.19.2.200 -> 172.19.255.255
netfilter logs that packet that is trying to leave your box. There is no
If you turn your box off, and use a different machine with tcpdump,
sniff the traffic and STILL capture packets with the turned off IP
address, then I believe you have spoofed packets floating around :)
Until then, the way I see your description is that you are
logging/blocking VALID packets FROM your box to the network.
firewall-wizards mailing list
- application/pgp-signature attachment: This is a digitally signed message part