[Dshield] Re: A lot of spoofing

Bob Konigsberg bobk at networkeval.com
Wed Mar 20 16:25:50 GMT 2002


Responding to Malcolm Joosse's post with respect to tracking down the actual
source of these packets.

I made a similar request of our ISP last year, and their response was to ask
whether or not we're willing to spend the money to prosecute.  Their reasoning
is that there is SO much of this stuff going on (you should see my logs), that
they're only willing to spend the time (both they and any other ISPs
potentially involved) if the end customer is willing to go to the mat and
prosecute.

As for the nature of the attack - this is JUST a guess, but it might be a
fishing expedition.  Double check on whether these packets are coming from the
inside or outside.  I've seen FireWall-1, for example, log internal NB broadcasts
as hostile packets, where there was no actual attack going on.
  __
 /_/ _   /_
/_/ /_/ /_/
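
The inside-versus-outside check suggested in the message above, as an added example that is not part of the original post: it sorts firewall log entries into external sources, internal NetBIOS broadcasts (the kind of traffic that can be logged as hostile without being an attack), and other internal traffic. The log format, the sample lines, the internal ranges and the /24 subnet size are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the networks treated as "inside"; replace with the site's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NETBIOS_UDP_PORTS = {137, 138}  # NetBIOS name service and datagram service

# Constructed sample entries in a hypothetical "proto src dst dport" format.
SAMPLE_LOG = """\
udp 192.168.1.23 192.168.1.255 137
udp 192.168.1.40 192.168.1.255 138
tcp 203.0.113.9 192.168.1.10 139
udp 192.168.1.23 198.51.100.7 137
udp 10.1.2.3 255.255.255.255 138
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def is_broadcast(dst, prefixlen=24):
    """True for the limited broadcast or the directed broadcast of dst's subnet."""
    if dst == ipaddress.ip_address("255.255.255.255"):
        return True
    net = ipaddress.ip_network(f"{dst}/{prefixlen}", strict=False)
    return dst == net.broadcast_address

def classify(line):
    proto, src, dst, dport = line.split()
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not is_internal(src):
        return "external-source"
    if proto == "udp" and int(dport) in NETBIOS_UDP_PORTS and is_broadcast(dst):
        return "internal-netbios-broadcast"
    return "internal-other"

def triage(log_text):
    """Count log entries per category so broadcast noise stands out."""
    counts = {}
    for line in log_text.splitlines():
        if line.strip():
            label = classify(line)
            counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n:3d}  {label}")
```

A source address alone does not prove where a packet originated when spoofing is in play, so confirm the result against the interface the firewall recorded for each entry.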