RE: Localhost packets on WAN
From: David Gillett (gillettdavid_at_fhda.edu)
To: "'James C Slora Jr'" <Jim.Slora@phra.com>, "'Kirby Angell'" <firstname.lastname@example.org>, "'Incidents List'" <email@example.com> Date: Thu, 30 Sep 2004 09:03:04 -0700
> These packets should not be arriving at your perimeter at
Anything sourced from a loopback address should be BLOCKED
at your perimeter. But if it has your destination address, it
will arrive AT your perimeter unless somebody upstream bothers
to look at the source address for you. Most ISPs don't, unless
you've requested their help fending off a DoS attack.
> They are not blowback from misguided Blaster or Nachi
> countermeasures as someone will undoubtedly suggest.
Please offer some *plausible* alternate explanation. The
Blaster blowback precisely explains every detail of traffic
like this that I have seen directly or heard reported by
others. Do you possess some additional evidence that
contradicts it? Do you have a simpler explanation that
adequately explains the evidence?