RE: Localhost packets on WAN
From: David Gillett (gillettdavid_at_fhda.edu)
Date: 09/30/04
- Previous message: Frank Knobbe: "Re: Localhost packets on WAN"
- In reply to: James C Slora Jr: "RE: Localhost packets on WAN"
- Next in thread: James C Slora Jr: "RE: Localhost packets on WAN"
- Reply: James C Slora Jr: "RE: Localhost packets on WAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'James C Slora Jr'" <Jim.Slora@phra.com>, "'Kirby Angell'" <kangell@alertra.com>, "'Incidents List'" <incidents@securityfocus.com> Date: Thu, 30 Sep 2004 09:03:04 -0700
> These packets should not be arriving at your perimeter at
> all.
Anything sourced from a loopback address should be BLOCKED
at your perimeter. But if it has your destination address, it
will arrive AT your perimeter unless somebody upstream bothers
to look at the source address for you. Most ISPs don't, unless
you've requested their help fending off a DoS attack.
> They are not blowback from misguided Blaster or Nachi
> countermeasures as someone will undoubtedly suggest.
Please offer some *plausible* alternate explanation. The
Blaster blowback precisely explains every detail of traffic
like this that I have seen directly or heard reported by
others. Do you possess some additional evidence that
contradicts it? Do you have a simpler explanation that
adequately explains the evidence?
David Gillett
- Previous message: Frank Knobbe: "Re: Localhost packets on WAN"
- In reply to: James C Slora Jr: "RE: Localhost packets on WAN"
- Next in thread: James C Slora Jr: "RE: Localhost packets on WAN"
- Reply: James C Slora Jr: "RE: Localhost packets on WAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
