Re: Ip spoof from 0.0.0.0
From: Pavel Kankovsky (peak@argo.troja.mff.cuni.cz)Date: 11/06/02
- Previous message: H C: "Re: Port 1975 rogue service"
- In reply to: Ingersoll, Jared: "Ip spoof from 0.0.0.0"
- Next in thread: Omar Herrera: "RE: Ip spoof from 0.0.0.0"
- Next in thread: Frank Cheong: "Re: Ip spoof from 0.0.0.0"
- Reply: Omar Herrera: "RE: Ip spoof from 0.0.0.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz> Date: Wed, 6 Nov 2002 01:34:51 +0100 (CET) To: incidents@securityfocus.com
On Mon, 4 Nov 2002, Ingersoll, Jared wrote:
> Nov 1 01:42:44 2U:10.1.1.1 Nov 01 2002 01:50:32: %PIX-2-106016: Deny IP
> spoof from (0.0.0.0) to x.x.x.5
We're seeing them too, since Nov 1 03:30 GMT, approx. 150 per a day.
TCP SYNs to port 445 on different IPs. An interesting detail is that all
of them have IP ID == 256. TTL appears to vary between 108 and 113.
--Pavel Kankovsky aka Peak
"Welcome to the Czech Republic. Bring your own lifeboats."
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: H C: "Re: Port 1975 rogue service"
- In reply to: Ingersoll, Jared: "Ip spoof from 0.0.0.0"
- Next in thread: Omar Herrera: "RE: Ip spoof from 0.0.0.0"
- Next in thread: Frank Cheong: "Re: Ip spoof from 0.0.0.0"
- Reply: Omar Herrera: "RE: Ip spoof from 0.0.0.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
