Perhaps you can help me out of my trouble. For several weeks we have been getting SYN responses from hosts that were under a DoS attack. The attacker used our IP addresses as the spoofed source IP and port 80 as the source port. Everything I can find is about how to survive when I am the attacked network. How can I prevent these stupid responses from reaching my network? This is really annoying. One of the hosts was in the Cerf-Net, which is now handled by AT&T. These people are pretty arrogant and delete every mail I send to the administrators of the network immediately after it arrives.
We had another system identified in Sweden which was powered off and disconnected. Meanwhile this IP address is gone from our blocking list. We run SuSE 7.3 with iptables. We also run Snort and are already blocking some data on our Cisco border router. I have no idea anymore how to kill these packets. Any help is really appreciated.

Thanks to all of you,

Jochen Grotepass
SAGA D.C. GmbH