Re: A better, or worse, spoofing attack?
From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 05/15/02
From: Tim Haynes <usenet@stirfried.vegetable.org.uk> Date: 15 May 2002 16:34:47 +0100
"Douglas Cowan" <news@REMOVEthisBITdacowan.co.uk> writes:
> May 15 06:25:53 baleen kernel: Attempted UDP IN=ppp0 OUT= MAC=
> SRC=61.144.177.20 DST= LEN=78 TOS=0x00 PREC=0x00 TTL=104 ID=49762 PROTO=UDP
> SPT=137 DPT=137 LEN=58
> May 15 06:25:53 baleen kernel: Spoofer IN=ppp0 OUT= MAC= SRC=192.168.1.10
> DST= LEN=78 TOS=0x00 PREC=0x00 TTL=104 ID=49506 PROTO=UDP SPT=137 DPT=137
> LEN=58
>
> I know that 137 is a Windows netbios port. It appears that someone's been
> trying to spoof me at this port, at the same time as trying to access.
> Kind of a mess-up since I now know who it is who's done it. Is this
> standard practice for spoofing attacks? Most of the others I see are just
> a whole load of attempts from the "spoofed" address...
I would've put it down to a crappy misconfigured windoze box on a network
not filtering private IP#-ranges myself, unless I'd missed something?
~Tim
--
16:33:51 up 189 days, 17:07, 7 users, load average: 0.19, 0.35, 0.26
piglet@stirfried.vegetable.org.uk |Gabrielle and Madelene were just dolls.
http://piglet.is.dreaming.org |
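One way to test the explanation in the reply above against the quoted log (an added example, not part of the original thread): pair entries logged in the same second whose TTL, ports and lengths match and where exactly one source is a private address, which points to one host sending from two interfaces. The function names and the set of compared fields are assumptions of this example.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: the two log entries quoted in the post, each joined
# onto one line (the empty MAC= and DST= fields are as they appear there).
SAMPLE_LOG = """\
May 15 06:25:53 baleen kernel: Attempted UDP IN=ppp0 OUT= MAC= SRC=61.144.177.20 DST= LEN=78 TOS=0x00 PREC=0x00 TTL=104 ID=49762 PROTO=UDP SPT=137 DPT=137 LEN=58
May 15 06:25:53 baleen kernel: Spoofer IN=ppp0 OUT= MAC= SRC=192.168.1.10 DST= LEN=78 TOS=0x00 PREC=0x00 TTL=104 ID=49506 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) kernel: (.*?) (IN=.*)$")
# Fields expected to be identical if one host emitted both packets.
FINGERPRINT = ("IN", "TTL", "PROTO", "SPT", "DPT", "LEN")


def parse_line(line):
    """Split one netfilter LOG line into a dict; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp, _host, prefix, rest = m.groups()
    fields = {}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep and key not in fields:  # keep the first LEN (IP total length)
            fields[key] = value
    fields.update(stamp=stamp, prefix=prefix)
    return fields


def is_private(addr):
    """True for private or otherwise non-public source addresses."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def paired_leaks(log_text):
    """Return (public_src, private_src) pairs that look like one host."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    pairs = []
    for a, b in combinations(events, 2):
        same = a["stamp"] == b["stamp"] and all(
            a.get(k) == b.get(k) for k in FINGERPRINT)
        a_priv, b_priv = is_private(a.get("SRC", "")), is_private(b.get("SRC", ""))
        if same and a_priv != b_priv:
            pub, priv = (b, a) if a_priv else (a, b)
            pairs.append((pub["SRC"], priv["SRC"]))
    return pairs
```

A match is a triage hint, not proof of origin: the fields compared are the ones visible in the log, and the one-second timestamp resolution means unrelated packets can share a stamp.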