On Mon, 13 Jul 1998, Ludwig Pummer wrote:
> My guess is someone either a) has an incorrectly set firewall/proxy gateway
> system or b) is trying to hack/break your machine
> My guess is that it's b), since people who try to hack/break your machine
> try to hide who they are by spoofing their IP.
I have a number of machines attached to a private network with a reserved
address range in use -- I have ipfw set up to reject packets from that
address range coming from the exposed interfaces on the big bad internet.
I often see ipfw accounting entries from rejected packets that are
addressed to or from the reserved address range on the outside interfaces.
I've never caught any in a sniffer, but then, I have never tried.
I suggest everyone verify their ipfw/border router filters to make sure
they are rejecting appropriate ranges of addresses!
Robert N Watson
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org http://www.watson.org/~robert/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message