Security Basics mailing list archives
Re: Is anyone else seeing SMURF ?
From: blather <blather () kcgeek com>
Date: Wed, 27 Aug 2003 12:39:33 -0500
I'm seeing these: Aug 27 12:35:02 whiskey /kernel: ipfw: 6400 Deny ICMP:8.0 66.143.190.199 [obs.fus.cate.d] in via xl0 ...193 since the log rolled over at noon today. On Wed, Aug 27, 2003 at 03:04:24PM -0400, Tomas Wolf whispered across the ether:
Well any router and firewall should have the ability to recongnize that if on interface1 comes something that has source as if it was from the network of interface2, it won't let it through.. Simple access list should do this, and also not allowing anything with your LAN broadcast from the WAN interface. And what protocol does it use? Tomas SVater () oh hra com wrote:Over the last month, I increasing numbers of Smurf trying to come in on my home firewall, all on Port 0. From what I have seen & read, this is a pretty old vulnerability that has been patched. Is this a new hole? I went from seeing one in a month to 40 (different IPs) just this weekend over a 72 hr period. All coming from my local area (guessing just on the info that I pull from GeoBytes.com). Anyone else seeing this ? Sean "Eagles may soar but weasels don't get sucked into jet engines." Steven Wright ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. ********************************************************************** --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ------------------------------------------------------------------------------------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Is anyone else seeing SMURF ? SVater (Aug 26)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis - TNTNetworx.net (Aug 26)
- Re: Is anyone else seeing SMURF ? Jamie Pratt (Aug 26)
- RE: Is anyone else seeing SMURF ? Dougal McWhinney (Aug 27)
- Re: Is anyone else seeing SMURF ? Ramiro Alejos (Aug 27)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis (Aug 27)
- Re: Is anyone else seeing SMURF ? Jamie Pratt (Aug 26)
- Re: Is anyone else seeing SMURF ? Tomas Wolf (Aug 27)
- Re: Is anyone else seeing SMURF ? blather (Aug 27)
- Re: Is anyone else seeing SMURF ? GSimmonds (Aug 28)
- <Possible follow-ups>
- RE: Is anyone else seeing SMURF ? Jeremy Counter (Aug 26)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis - TNTNetworx.net (Aug 26)