Security Incidents mailing list archives

Re: Localhost packets on WAN


From: Kirby Angell <kangell () alertra com>
Date: Thu, 30 Sep 2004 16:10:12 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In our case the WAN IP in question is for our backup connection and is
not published anywhere.  If this were a planned DDoS against us
specifically I would expect they would use the IP published for our
web server.

Still might be an actual attack, but probably not a DDoS precursor.

spainsecurity-s.navarro wrote:
| This kind of traffic can be also the beginning of an attack to your network.
| I've been seeing this behavior in the past months in some networks I've been
| monitoring (of my customers).
| Most of the times these spoofed addresses were the beginning of DDoS attacks to
| hosting providers or just large networks.
| Your perimeter (firewall, router, whatever) should block these packets, but in
| the case of a DDoS attack you are lost, unless you have great bandwidth or you
| are monitoring carefully to provide info to your ISP, in order to block this
| traffic before reaching your firewall. ISP also should not allow traffic from a
| loopback address.
| Hope this can help.

- --
Thank you,

Kirby Angell
Get notified anytime your website goes down!
http://www.alertra.com
key: 9004F4C0
fingerprint: DD7E E88D 7F50 2A1E 229D  836A DB5B A751 9004 F4C0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBXHY021unUZAE9MARAq0RAJ9W8AU9ghj89sVxIUHZs3Eqfc0BKQCbBOgi
N9LLr5XZhzJQ4JUrZLP4NT0=
=Ew8m
-----END PGP SIGNATURE-----

