Re: Localhost packets on WAN
From: Kirby Angell (kangell_at_alertra.com)
Date: 09/30/04
- Previous message: Frank Knobbe: "RE: Localhost packets on WAN"
Date: Thu, 30 Sep 2004 16:10:12 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In our case the WAN IP in question is for our backup connection and is
not published anywhere. If this were a planned DDoS against us
specifically I would expect they would use the IP published for our
web server.
Still might be an actual attack, but probably not a DDoS precursor.
spainsecurity-s.navarro wrote:
| This kind of traffic can also be the beginning of an attack on your
| network.
| I've been seeing this behavior in the past months in some networks I've
| been monitoring (of my customers).
| Most of the time these spoofed addresses were the beginning of DDoS
| attacks on hosting providers or just large networks.
| Your perimeter (firewall, router, whatever) should block these
| packets, but in the case of a DDoS attack you are lost, unless you have
| great bandwidth or you are monitoring carefully to provide info to your
| ISP, in order to block this traffic before it reaches your firewall. The
| ISP also should not allow traffic from a loopback address.
| Hope this can help.
- --
Thank you,
Kirby Angell
Get notified anytime your website goes down!
http://www.alertra.com
key: 9004F4C0
fingerprint: DD7E E88D 7F50 2A1E 229D 836A DB5B A751 9004 F4C0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBXHY021unUZAE9MARAq0RAJ9W8AU9ghj89sVxIUHZs3Eqfc0BKQCbBOgi
N9LLr5XZhzJQ4JUrZLP4NT0=
=Ew8m
-----END PGP SIGNATURE-----