Penetration Testing mailing list archives

Re: spoofing 255.255.255.255 techniques

From: Blake Frantz <blake () mc net>
Date: Thu, 5 Jul 2001 21:13:58 -0500 (CDT)

Our PIX does not indicate source or destination ports 
perhaps because the "IP spoof" criteria was already 
triggered in its logic chain, denying the packet and 
making a syslog entry.


It's been my experience that the PIX will not provide port information if
the packet is blocked by an ACL.  However, it *will* provide port
information if the packet is blocked because there is no "conduit"
allowing the traffic.

I'm not sure if the spoof detection mechanism supercedes this.

Hope this helps.

-Blake


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Current thread:

spoofing 255.255.255.255 techniques Curt Wilson (Jul 05)
- Re: spoofing 255.255.255.255 techniques Blake Frantz (Jul 06)
- <Possible follow-ups>
- Fwd: Re: spoofing 255.255.255.255 techniques MIKE DONOFRIO (Jul 06)
  - Re: Fwd: Re: spoofing 255.255.255.255 techniques Jason Ackley (Jul 07)
- RE: Re: spoofing 255.255.255.255 techniques Erik Nodland (Jul 11)
  - Re: Re: spoofing 255.255.255.255 techniques Ron Russell (Jul 12)