Well.
I asked the same once.
Its probably in the mail list archive, however for your convenience I attach the
following PDF file
Stephen J. Cooper
Senior Systems Analyst
Bank for International Settlements
Phone: +41 61 2806792
Fax: +41 61 2809100
This user's PGP Public Keys can be
obtained from certserver.pgp.com
>>> <[EMAIL PROTECTED]> 03/04/01 13:36:22 >>>
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi!
I recently have a report from RS Network Sensor 5.0 of SYNFlood
attack. The source address/port was 0.0.0.0/0, but in information
field there was a string which looked like "SPOOFEDSR 1.2.3.4".
Does it mean that the SYN packets were generated from address 1.2.3.4? If so, how
does RS resolve attacker's address?
Thanks,
Dmitry Maslakov
----------------------------------------
RJSC "Unified Energy System of Russia"
tel: +7-095-929-1618
fax: +7-095-206-8203
mail: [EMAIL PROTECTED]
DISCLAIMER: Any e-mail messages from the Bank for International Settlements are sent
in good faith, but shall not be binding nor construed as constituting any obligation
on the part of the Bank.
CONFIDENTIALITY NOTICE: This e-mail contains confidential information, which is
intended only for the use of the recipient(s) named above. If you have received this
communication in error, please notify the sender immediately via e-mail and return the
entire message. Thank you for your assistance.
synflood_tuning.pdf
