Bugtraq mailing list archives
Re: nuke
From: rowan () iconz co nz (Rowan Smith)
Date: Mon, 24 Jun 1996 19:11:14 +1200
On Fri, 21 Jun 1996, *Hobbit* wrote:
Why the people running IRC servers are allowing "their-own-net" spoofed
Well we don't. I had a look at a packet dump one day using etherfind, I unfortunately don't know enough about IP to explain this properly but there were two parts to the packet, the ICMP part and the IP part. The IP part had a fake SRC address that was NOT in our network, the ICMP part had a SRC address (and Destination Address) that was in our Network. We have configured the Ciscos to drop any packets with a SRC address that is within our local network at the gateway, my guess is that the Ciscos are not looking at the Second set of IP addresses. Like I said I don't know enough about it, my solution was simple, I droped all ICMP destined for Auckland.NZ.Undernet.ORG, but its not the solution I really had wanted. -Rowan
Current thread:
- Re: Router programming,source routes and spoofed ICMP attacks., (continued)
- Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 20)
- Re: Router programming,source routes and spoofed ICMP attacks. Alan Brown (Jun 22)
- Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 24)
- Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 20)
- Re: Router programming,source routes and spoofed ICMP attacks. Cyrus Durgin (Jun 20)
- Re: Router programming,source routes and spoofed ICMP attacks. Yiorgos Adamopoulos (Jun 21)
- Administratrivia Aleph One (Jun 21)
- Write-only devices (Was read only devices) Paul C Leyland (Jun 21)
- Re: Write-only devices (Was read only devices) Piete Brooks (Jun 21)
- Re: Write-only devices (Was read only devices) [via LSMTP - see Paul C Leyland (Jun 24)
- nuke *Hobbit* (Jun 21)
- Re: nuke Rowan Smith (Jun 24)
- Re: nuke Vadim Kolontsov (Jun 24)
- Re: nuke Chris A. Petro (Jun 26)