[Dshield] Re: A lot of spoofing
lrabon at netstream.ws
Wed Mar 20 20:19:50 GMT 2002
> Responding to Malcolm Joosse's post with respect to tracking
> down the actual
> source of these packets.
> I made a similar request of our ISP last year, and their
> response was to ask
> whether or not we're willing to spend the money to prosecute.
> Their reasoning
> is that there is SO much of this stuff going on (you should
> see my logs), that
> they're only willing to spend the time (both they and any other ISP's
> potentially involved) if the end customer is willing to go to
> the mat and
> As for the nature of the attack - this is JUST a guess, but
> it might be a
> fishing expedition. Double check on whether these packets
> are coming from the
> inside or outside. I've seen firewall-1 for example log
> internal NB broadcasts
> as hostile packets, where there was no actual attack going on.
One other note: you could (and should!) do ingress filtering on your router to block all the IANA-assigned private address blocks.
More information about the list