RE: Re: [fw-wiz] Wayyy too many spoofed packets

From: Frank Knobbe (
Date: 11/22/03

  • Next message: Luca Berra: "Re: [fw-wiz] PIX 500 as ROUTER ONLY"
    To: Chris de Vidal <>
    Date: Fri, 21 Nov 2003 23:03:12 -0600

    On Fri, 2003-11-21 at 22:52, Chris de Vidal wrote:
    > So why do I see so many inbound packets from the network coming through
    > eth0 with my IP? The only explaination that makes sense is a router
    > somewhere rebroadcasting packets...

    Those are packets FROM your IP for the network. They're not spoofed,
    your box sends them to the network.

    +-------+ +----+
    |You Box|---|eth0|---> network
    +-------+ +----+ ->

    netfilter logs that packet that is trying to leave your box. There is no
    spoofed packets.

    If you turn your box off, and use a different machine with tcpdump,
    sniff the traffic and STILL capture packets with the turned off IP
    address, then I believe you have spoofed packets floating around :)
    Until then, the way I see your description is that you are
    logging/blocking VALID packets FROM your box to the network.



    firewall-wizards mailing list

  • Next message: Luca Berra: "Re: [fw-wiz] PIX 500 as ROUTER ONLY"