Date: 21 Oct 2000 12:04:51 +0200 From: Dag-Erling Smorgrav <des@thinksec.com> To: "Chris" <mlnn4@oaks.com.au> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Unexpected ICMP messages - is someone spoofing my subnet? Message-ID: <xzp1yxase64.fsf@des.thinksec.com> In-Reply-To: "Chris"'s message of "Sat, 21 Oct 2000 17:13:40 %2B1100" References: <007701c03b26$10c42560$023a1dac@dsat.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
"Chris" <mlnn4@oaks.com.au> writes: > Basically, I am getting perhaps 50 or 100 ICMP messages per day for a > number (more than 30) of IP addresses that have never at any time been > used by me. Somebody is running a DOS attack with spoofed source addresses, with a different address for every packet (router meltdown...) What you're seeing is the victim replying to spoofed packets that happen to have one of your IPs as source address. DES --=20 Dag-Erling Sm=F8rgrav - des@thinksec.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp1yxase64.fsf>