Date: Mon, 13 Jul 1998 19:58:20 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Ludwig Pummer <ludwigp@bigfoot.com> Cc: Alexander Kandelaki <stealth@sanet.ge>, freebsd-security@FreeBSD.ORG Subject: Re: Question... Message-ID: <Pine.BSF.3.96.980713195634.8340D-100000@fledge.watson.org> In-Reply-To: <3.0.3.32.19980713104816.03203d78@mail.plstn1.sfba.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 13 Jul 1998, Ludwig Pummer wrote: > My guess is someone either a) has an incorrectly set firewall/proxy gateway > system or b) is trying to hack/break your machine > My guess is that it's b), since people who try to hack/break your machine > try to hide who they are by spoofing their IP. I have a number of machines attached to a private network with a reserved address range in use -- I have ipfw set up to reject packets from that address range coming from the exposed interfaces on the big bad internet. I often see ipfw accounting entries from rejected packets that are addressed to or from the reserved address range on the outside interfaces. I've never caught any in a sniffer, but then, I have never tried. I suggest everyone verify their ipfw/border router filters to make sure they are rejecting appropriate ranges of addresses! Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980713195634.8340D-100000>