Bugtraq mailing list archives

Re: nuke

From: rowan () iconz co nz (Rowan Smith)
Date: Mon, 24 Jun 1996 19:11:14 +1200


On Fri, 21 Jun 1996, *Hobbit* wrote:

Why the people running IRC servers are allowing "their-own-net" spoofed


Well we don't. I had a look at a packet dump one day using etherfind,
I unfortunately don't know enough about IP to explain this properly but
there were two parts to the packet, the ICMP part and the IP part.

The IP part had a fake SRC address that was NOT in our network, the ICMP
part had a SRC address (and Destination Address) that was in our Network.

We have configured the Ciscos to drop any packets with a SRC address that
is within our local network at the gateway, my guess is that the Ciscos
are not looking at the Second set of IP addresses.

Like I said I don't know enough about it, my solution was simple, I droped
all ICMP destined for Auckland.NZ.Undernet.ORG, but its not the solution I
really had wanted.

-Rowan

Current thread:

Re: Router programming,source routes and spoofed ICMP attacks., (continued)
- - Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 20)
    - Re: Router programming,source routes and spoofed ICMP attacks. Alan Brown (Jun 22)
    - Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 24)
  - Re: Router programming,source routes and spoofed ICMP attacks. Cyrus Durgin (Jun 20)
    - Re: Router programming,source routes and spoofed ICMP attacks. Yiorgos Adamopoulos (Jun 21)
    - Administratrivia Aleph One (Jun 21)
    - Write-only devices (Was read only devices) Paul C Leyland (Jun 21)
    - Re: Write-only devices (Was read only devices) Piete Brooks (Jun 21)
    - Re: Write-only devices (Was read only devices) [via LSMTP - see Paul C Leyland (Jun 24)
    - nuke *Hobbit* (Jun 21)
    - Re: nuke Rowan Smith (Jun 24)
    - Re: nuke Vadim Kolontsov (Jun 24)
    - Re: nuke Chris A. Petro (Jun 26)
- Re: Sendmail 6.x+ holes? Security Mailing Lists (Jun 21)