[Dshield] A lot of spoofing

Malcolm Joosse malcolm at hotlinesupport.com
Wed Mar 20 06:30:18 GMT 2002


Hello all,
We are seeing a lot of spoofed address attempts on our firewall's external
interface.
I am seeing some of our internal valid IP addresses being attempted to
connect to one of our valid class C broadcast address (.255) on ports
137 & 138.  While I know that these ports are used by MS NetBIOS, I
cannot understand why these people are being so persistent.  I have seen
them use many different internal addresses and it happens about once
every 2 minutes.  I am hoping that my firewall is doing the job of
protecting the network.
Does anyone know what this might be?
Is there any way to find out their real IP address?

Thanks
Malcolm
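
The pattern described in the post above (internal source addresses arriving on the external interface, aimed at the .255 broadcast address on ports 137 and 138) can be picked out of firewall logs mechanically. The following is an added example, not part of the original message; the 192.0.2.0/24 network, the interface name "ext" and the log format are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the post): 192.0.2.0/24 stands in for the site's
# class C, "ext" names the external interface, and the log format is constructed.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
EXTERNAL_IF = "ext"
NETBIOS_UDP_PORTS = {137, 138}  # name service and datagram service

# Constructed sample firewall log lines.
SAMPLE_LOG = """\
06:20:01 DROP IN=ext SRC=192.0.2.17 DST=192.0.2.255 PROTO=UDP DPT=137
06:22:03 DROP IN=ext SRC=192.0.2.44 DST=192.0.2.255 PROTO=UDP DPT=138
06:23:10 DROP IN=ext SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=80
06:24:02 DROP IN=int SRC=192.0.2.17 DST=192.0.2.255 PROTO=UDP DPT=137
06:26:05 DROP IN=ext SRC=192.0.2.91 DST=192.0.2.255 PROTO=UDP DPT=137
"""

LINE_RE = re.compile(
    r"(?P<time>\S+) (?P<action>\S+) IN=(?P<iface>\S+) SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)

def spoofed_entries(log_text):
    """Return entries seen on the external interface with an internal source."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["iface"] != EXTERNAL_IF:
            continue  # unparsable line, or traffic from the inside interface
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in INTERNAL_NET:
            continue  # external source on the external interface: not this pattern
        hits.append({
            "time": m["time"],
            "src": str(src),
            "dropped": m["action"] == "DROP",
            # Directed broadcast to the internal net on a NetBIOS UDP port.
            "netbios_broadcast": dst == INTERNAL_NET.broadcast_address
            and m["proto"] == "UDP" and int(m["dpt"]) in NETBIOS_UDP_PORTS,
        })
    return hits

def summarize(log_text):
    """Count matching entries, list claimed sources, confirm every one was dropped."""
    hits = spoofed_entries(log_text)
    return {
        "spoofed": len(hits),
        "sources": sorted({h["src"] for h in hits}),
        "netbios_broadcast": sum(h["netbios_broadcast"] for h in hits),
        "all_dropped": all(h["dropped"] for h in hits),
    }
```

The `all_dropped` field is the check on whether the firewall rejected every such packet; the `sources` list shows only the claimed addresses, which in this pattern are the site's own.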



