>From http://www.wittys.com/files/all-ip-numbers.txt , IP protocols 4 and 94
are used for IP-in-IP Encapsulation. SecuRemote uses IP protocol 94 when
you set it up to use FWZ (service object "FW1_Encapsulation".)
My ears are perking up a bit here, with the recent FWZ spoofing
vulnerability that was announced at Black Hat, however. It could be that
someone has got ahold of that exploit code, and is looking for vulnerable
firewalls (see last week's CP FW-1 Digest at securityportal.com for more
info.) Then again, it could just be some dufis with a mis-configured
SecuRemote client. Just my .02.
Jason
At 03:09 PM 8/3/00 -0700, Padden, Greg wrote:
> Has anyone every tried to trace the source of a spoofed DOS attack?
>I've got someone with a spoofed IP address trying to tunnel into my network
>with service 4 and 94. Is protocol 4 and 94 tunneling protocols?
>
> Attachment Converted: "C:\VISINET\EUDORA\attach2000\Padden,
Greg4.vcf"
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
