Snort mailing list archives
Re: IP spoofing
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 10 Oct 2004 15:42:32 +0200
El jue, 07 de 10 de 2004 a las 21:01, Aguiar Magalhaes escribió:
Hi snorters, I'm receiving a lot of PING NMAP alerts... The source IPs are spoofed How can I to know the true source IP of these attacks ?? Please, help me ...
If the machine that it's pinging you is spoofing the source address it's very likely that it's using decoys (nmap -D) to ping you. You can try to check the TTL of the packets and something like GeoIP to see if the IP it's coming from the place it should be. Have in mind that I never tried to do so, so it's just a guess. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac () bgsec com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IP spoofing Aguiar Magalhaes (Oct 07)
- Re: IP spoofing Matt Kettler (Oct 07)
- Help with windows XP pro Mario Guerendo (Oct 07)
- Re: Help with windows XP pro Paul Martin (Oct 08)
- RE: Help with windows XP pro Michael Steele (Oct 08)
- Re: Help with windows XP pro Paul Martin (Oct 08)
- Re: IP spoofing O-Zone (Oct 08)
- Re: IP spoofing Jose Maria Lopez (Oct 10)