How to get rid of spoofed IP-Address responses

From: NetWatch (netwatch@sagadc.de)
Date: 05/23/02


Date: Thu, 23 May 2002 22:30:22 +0200
From: "NetWatch" <netwatch@sagadc.de>
To: <focus-linux@securityfocus.com>

Perhaps you can help me out of my trouble.

For several weeks we have been getting SYN responses from hosts that were
under a DoS attack. The attacker used our IP addresses as the spoofed
source IP and port 80 as the source port.
Everything I can find is about how to survive when I am the attacked network.
How can I prevent these stupid responses from reaching my network? This is
really annoying. One of the hosts was in the Cerf-Net, which is now
handled by AT&T. These people are pretty arrogant and delete every mail
I sent to the administrators of the network immediately after it
arrives.

We had another system identified in Sweden which was powered off and
disconnected. Meanwhile this IP address is gone from our blocking list.

We run SuSE 7.3 with iptables and Snort, and are already blocking some
data on our Cisco border router.

I have no idea anymore how to kill these packets.

Any help is really appreciated.

Thanks to all of you,
Jochen Grotepass
SAGA D.C. GmbH
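
The traffic described in the post, modelled as an added example that is not part of the original message: a reply segment addressed to the local range counts as backscatter when no SYN from that range opened the connection, which is the decision a stateful filter makes. The address ranges, packet tuples and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: a documentation prefix stands in for the site's own address range.
OUR_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, tcp_flags)
PACKETS = [
    ("192.0.2.10", 40001, "198.51.100.7", 443, "S"),   # we open a real connection
    ("198.51.100.7", 443, "192.0.2.10", 40001, "SA"),  # legitimate reply to it
    ("203.0.113.5", 6667, "192.0.2.20", 80, "SA"),     # reply to a SYN we never sent
    ("203.0.113.5", 6667, "192.0.2.21", 80, "SA"),     # same victim, another spoofed address
    ("203.0.113.9", 22, "192.0.2.20", 80, "RA"),       # another victim answers with a reset
    ("198.51.100.99", 51515, "192.0.2.30", 80, "S"),   # ordinary client SYN to our web server
]

REPLY_FLAGS = {"SA", "RA", "R"}  # SYN/ACK and reset variants sent in answer to a SYN


def is_ours(ip):
    return ipaddress.ip_address(ip) in OUR_NET


def classify(packets):
    """Label each packet using only the SYNs seen leaving our network."""
    opened = set()  # (our_ip, our_port, peer_ip, peer_port) for SYNs we sent
    verdicts = []
    for src, sport, dst, dport, flags in packets:
        if is_ours(src) and flags == "S":
            opened.add((src, sport, dst, dport))
            verdicts.append("outbound-syn")
        elif is_ours(dst) and flags in REPLY_FLAGS:
            # A reply is only valid if it mirrors a connection we started.
            known = (dst, dport, src, sport) in opened
            verdicts.append("reply" if known else "backscatter")
        else:
            verdicts.append("other")
    return verdicts


def backscatter_sources(packets):
    """Count backscatter packets per sending host (the attacked hosts)."""
    counts = Counter()
    for pkt, verdict in zip(packets, classify(packets)):
        if verdict == "backscatter":
            counts[pkt[0]] += 1
    return dict(counts)
```
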


