Security Incidents mailing list archives
Re: Localhost packets on WAN
From: Kirby Angell <kangell () alertra com>
Date: Thu, 30 Sep 2004 16:10:12 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In our case the WAN IP in question is for our backup connection and is not published anywhere. If this were a planned DDoS against us specifically I would expect they would use the IP published by for our web server. Still might be an actual attack, but probably not a DDoS precursor. spainsecurity-s.navarro wrote: | This kind of traffic can be also the beginning of an attack to your network. | I've been seing this behavior in the past months in some networks I've been | monitoring (of my customers). | Most of the times these spoofed addresses were the beginning of DDoS attacks to | hosting providers or just large networks. | Your perimeter (firewall, router, whatever) should block these packets, but in | the case of a DDoS atack you are lost, unless you have great bandwidth or you | are monitoring carefuly to provide info to your ISP, in order to block this | traffic before reaching your firewall. ISP also should not allow traffic from a | loopback address. | Hope this can help. - -- Thank you, Kirby Angell Get notified anytime your website goes down! http://www.alertra.com key: 9004F4C0 fingerprint: DD7E E88D 7F50 2A1E 229D 836A DB5B A751 9004 F4C0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBXHY021unUZAE9MARAq0RAJ9W8AU9ghj89sVxIUHZs3Eqfc0BKQCbBOgi N9LLr5XZhzJQ4JUrZLP4NT0= =Ew8m -----END PGP SIGNATURE-----
Current thread:
- Re: Localhost packets on WAN Kirby Angell (Sep 30)
- <Possible follow-ups>
- RE: Localhost packets on WAN David Gillett (Sep 30)
- RE: Localhost packets on WAN James C Slora Jr (Oct 04)
- RE: Localhost packets on WAN James C Slora Jr (Oct 04)