Re: Is anyone else seeing SMURF ?

[blather <blather () kcgeek com>]

I'm seeing these:

Aug 27 12:35:02 whiskey /kernel: ipfw: 6400 Deny ICMP:8.0 66.143.190.199 [obs.fus.cate.d] in via xl0

...193 since the log rolled over at noon today.



On Wed, Aug 27, 2003 at 03:04:24PM -0400, Tomas Wolf whispered across the ether:
> Well any router and firewall should have the ability to recongnize that 
> if on interface1 comes something that has source as if it was from the 
> network of interface2, it won't let it through.. Simple access list 
> should do this, and also not allowing anything with your LAN broadcast 
> from the WAN interface.
> And what protocol does it use?
> Tomas
>
> SVater () oh hra com wrote:
>
> > Over the last month, I increasing numbers of Smurf trying to come in on my
> > home firewall, all on Port 0.  From what I have seen & read, this is a
> > pretty old vulnerability that has been patched. Is this a new hole? I went
> > from seeing one in a month to 40 (different IPs) just this weekend over a
> > 72 hr period. All coming from my local area (guessing just on the info that
> > I pull from GeoBytes.com).
> >
> > Anyone else seeing this ?
> >
> > Sean
> >
> >
> > "Eagles may soar but weasels don't get sucked into jet engines." Steven
> > Wright
> >
> >
> >
> >
> > **********************************************************************
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote also confirms that this email message has been swept by
> > MIMEsweeper for the presence of computer viruses.
> > **********************************************************************
> >
> >
> > ---------------------------------------------------------------------------
> > Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
> > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
> > technical IT security event.  Modeled after the famous Black Hat event in 
> > Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
> > Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
> > ----------------------------------------------------------------------------
> >
> >
> >
> >  
>
>
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
> technical IT security event.  Modeled after the famous Black Hat event in 
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
> Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
> ----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------