RE: Localhost packets on WAN

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 09/30/04

  • Next message: James C Slora Jr: "RE: Localhost packets on WAN"
    To: "'James C Slora Jr'" <Jim.Slora@phra.com>, "'Kirby Angell'" <kangell@alertra.com>, "'Incidents List'" <incidents@securityfocus.com>
    Date: Thu, 30 Sep 2004 09:03:04 -0700
    
    

    > These packets should not be arriving at your perimeter at
    > all.

      Anything sourced from a loopback address should be BLOCKED
    at your perimeter. But if it has your destination address, it
    will arrive AT your perimeter unless somebody upstream bothers
    to look at the source address for you. Most ISPs don't, unless
    you've requested their help fending off a DoS attack.

    > They are not blowback from misguided Blaster or Nachi
    > countermeasures as someone will undoubtedly suggest.

      Please offer some *plausible* alternate explanation. The
    Blaster blowback precisely explains every detail of traffic
    like this that I have seen directly or heard reported by
    others. Do you possess some additional evidence that
    contradicts it? Do you have a simpler explanation that
    adequately explains the evidence?

    David Gillett


  • Next message: James C Slora Jr: "RE: Localhost packets on WAN"