Stu said:
I am getting a tremendous amount of spoofed traffic on my external
interface.
ALARM NO: 4
DATE: Friday, Nov 7, 2003
TIME: 08:59:35
INTERFACE: EXT (xl2)
ALARM TYPE: Possible spoof
IP PACKET: TCP [127.0.0.1/80]-->[xxx.xx.xxx.xx/1852] l=0 f=0x14
� 60; [localhost/80]-->[xxx.xx.xxx.xx/1852]
The xxx.xx.xxx.xx address is in our range but the host doesn't exist.
Suspect that this was a probe of sorts ... but from where ...inside the isp?
How is it possible for a loopback address to be received on the ext port?
Any Ideas?
Solution Finders
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://solutionfinders.za.net
http://www.solutionfinders.co.za
Phone: 27 82 576 1693
Cell/Handi/Mobile: 27 82 576 1693
Facsimile:Local 086 672 2740
International +27 86 672 2740
ICQ 286163
Smile - it makes people wonder what you have been up to!This message contains
information, which may be confidential and subject to legal privilege. If
you are not the intended recipient, you may not peruse, use, disseminate,
distribute or copy this message. If you have received this message in error,
please notify the sender immediately by email, facsimile or telephone and
return or destroy the original message. Thank you.
> <?xml version="1.0" ?><html>
> <head>
> <title></title>
> </head>
> <body>
> <div align="left"><font face="Arial"><span style="font-size:16pt">I am getting a
> tremendous amount of
> spoofed traffic on  my external interface. </span></font></div>
> <div align="left"><font face="Arial" size="3"><span style="font-size:12pt">ALARM
> NO: 4 </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">         DATE:
> Friday, Nov  7, 2003 </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">         TIME:
> 08:59:35 </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">    INTERFACE: EXT (xl2)
> </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">   ALARM TYPE: Possible spoof
> </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">    IP PACKET: TCP 
> [127.0.0.1/80]-->[xxx.xx.xxx.xx/1852]
> l=0 f=0x14 </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">         
> 60;         
> [localhost/80]-->[xxx.xx.xxx.xx/1852] </span></font></div>
> <div align="left"><br/>
> </div>
> <div align="left"><font face="Arial" size="3"><span style="font-size:12pt">The
> xxx.xx.xxx.xx address is in our range but the host
> doesn't exist.  </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">Suspect that this was a probe of sorts ... but from where
> ...inside the isp? </span></font></div>
> <div align="left"><br/>
> </div>
> <div align="left"><font face="Arial" size="3"><span style="font-size:12pt">How
> is it possible for a loopback address to be received on
> the ext port? </span></font></div>
> <div align="left"><br/>
> </div>
> <div align="left"><font face="Arial" size="3"><span style="font-size:12pt">Any
> Ideas? </span></font></div>
> <div align="left"><br/></div>
> <div align="left"><br/></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">Solution Finders</span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">[EMAIL PROTECTED]</span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">[EMAIL PROTECTED]</span></font></div>
> <div align="left"><a href="http://solutionfinders.za.net";><font face="Arial"
> size="3"><span
> style="font-size:12pt"><u>http://solutionfinders.za.net</u></span></font></a></d
> iv>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">http://www.solutionfinders.co.za</span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">Phone: 27 82 576 1693   </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">Cell/Handi/Mobile: 27 82 576 1693 </span></font></div>
> <div align="left"><font face="Arial" size="3"><span
> style="font-size:12pt">Facsimile:Local  086 672 2740
>      </span></font></div>
> <div align="left" style="margin-left=13mm; margin-right=0mm;
> text-indent=0mm"><font face="Arial" size="3"><span
> style="font-size:12pt">     International
> +27 86 672 2740</span></font></div>
> <div align="left"><font face="Arial" size="3"><span style="font-size:12pt">ICQ
> 286163 </span></font></div>
> <div align="left"><font face="Arial" size="3"><span style="font-size:12pt">Smile
> - it makes people wonder what you have been up
> to!This message contains information, which may be
> confidential and subject to legal privilege.  If you are not the
> intended recipient, you may not peruse, use, disseminate,
> distribute or copy this message.  If you have received this
> message in error, please notify the sender immediately by
> email, facsimile or telephone and return or destroy the
> original message.  Thank you.</span></font></div>
> </body>
> </html>
>
> ------------------------------------------------------
> To unsubscribe: [EMAIL PROTECTED]
> For additional commands: [EMAIL PROTECTED]
> Archive: http://archives.gnatbox.com/gb-users/
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
