From owner-freebsd-security Tue Nov 16 18:51:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mta2.snfc21.pbi.net (mta2.snfc21.pbi.net [206.13.28.123])
    by hub.freebsd.org (Postfix) with ESMTP id D6F8A14E13
    for ; Tue, 16 Nov 1999 18:51:46 -0800 (PST)
    (envelope-from madscientist@thegrid.net)
Received: from remus ([63.193.246.169])
    by mta2.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.1999.09.16.21.57.p8)
    with SMTP id <0FLB007GZMIZJ3@mta2.snfc21.pbi.net>
    for freebsd-security@freebsd.org; Tue, 16 Nov 1999 18:49:49 -0800 (PST)
Date: Tue, 16 Nov 1999 18:47:49 -0800
From: The Mad Scientist
Subject: Tracing Spoofed Packets
X-Sender: i289861@mail.thegrid.net
To: freebsd-security@freebsd.org
Message-id: <4.1.19991116182120.0094d280@mail.thegrid.net>
MIME-version: 1.0
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Content-type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I doubt it, but is there ANY way to trace spoofed packets coming in from the Internet? I've been getting these packets showing up at my border router pretty regularly for the past few days now:

Nov 15 19:47:43 wormhole /kernel: icmp-response bandwidth limit 284/100 pps
Nov 15 19:57:06 wormhole /kernel: ipfw: 400 Deny ICMP:3.13 10.1.6.6 10.0.1.2 in via ed0
Nov 15 19:57:37 wormhole last message repeated 36 times
Nov 15 19:59:38 wormhole last message repeated 175 times
Nov 15 20:00:53 wormhole last message repeated 96 times

This goes on for about two hours. The logs don't show anything else abnormal from what I can discern. I don't see any performance hit or bandwidth drop, so it doesn't really bother me. I'd just like to figure out what's going on.

Thanks in advance,

-Dean