Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: port 0 packets from bogon networks

From: "Joe Pampel" <joe () ardsley com>
Date: Fri, 23 Nov 2001 13:47:48 -0500
I know this isn't the NIDS helpline, but I am seeing a lot more of this sort of packet than usual. I stop them at the 
edge router with an ACL (per Rob Thomas) but I've never seen much action from this list. Today I am seeing a bunch and 
am just curious is anyone else is getting some action?  Maybe something's up, maybe I just ate too much yesterday. 
(maybe both?)
I normally would associate anything with a bad return address as some sort of DOS, but is there anything else you'd do 
to someone else from a spoofed &/or unroutable IP? 

A quick google yielded this http://www.sans.org/y2k/120700-1700.htm  which had some good points (perhaps it's someone 
trying to spoof my internal IP's.. except they are way way off.) 

Thx,

Joe




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: