[Dshield] Repeated spoofed address attempts

Stigers, David dstigers at KACO.org
Wed May 8 14:35:55 GMT 2002


Yesterday our network firewall (Watchguard Firebox II) intercepted several
thousand attempts from spoofed addresses. Does anyone know why this would be
happening or how I would attempt to locate the "mis"-user doing this? Now
they did not get through on these attempts...or at least they all were
denied. I have not been able to configure Snort to work on our system
correctly so I'll only post a few of the logs in the Watchguard format.
These ran for 303 pages of logs (approx. 6000+ attempts). Oddly enough, this
is not our IP address (the second one) and I know this is just a ping back
from an email site or at least that is what I thought it was.
Any input would be appreciated.


05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.252.168 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 127 169.254.252.168 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.177.208 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 127 169.254.177.208 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.252.168 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 127 169.254.252.168 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.177.208 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 127 169.254.177.208 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.164.183 169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 127 169.254.164.183 169.254.255.255 137 137 (spoofed source address)


 
 "Patience and perseverance have a magical effect before
    which difficulties disappear and obstacles vanish."
          - John Quincy Adams
________________________________________ 
David E. Stigers 
IT Manager 
KY Association of Counties 
 
________________________________________ 
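
An added example, not part of the original post: a short Python parser for log entries in the format shown above. It rejoins the wrapped lines, counts denied packets per source address, and labels each source as link-local (169.254.0.0/16), private or public. The field names (length, hdrlen, ttl and so on) are assumptions inferred from the excerpt, not vendor documentation.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Three entries copied from the excerpt in the post, wrapped as in the e-mail.
SAMPLE = """\
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.252.168
169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 127 169.254.252.168
169.254.255.255 137 137 (spoofed source address)
05/07/02 14:02  firewalld[105]:  deny out eth1 78 udp 20 128 169.254.177.208
169.254.255.255 137 137 (spoofed source address)
"""

# Assumed field order, inferred from the excerpt (not from vendor documentation).
ENTRY = re.compile(
    r"(?P<date>\d\d/\d\d/\d\d) (?P<time>\d\d:\d\d) firewalld\[\d+\]: "
    r"(?P<action>\w+) (?P<direction>\w+) (?P<iface>\w+) (?P<length>\d+) "
    r"(?P<proto>\w+) (?P<hdrlen>\d+) (?P<ttl>\d+) (?P<src>[\d.]+) "
    r"(?P<dst>[\d.]+) (?P<sport>\d+) (?P<dport>\d+) \((?P<reason>[^)]*)\)"
)


def parse(text):
    """Rejoin wrapped lines, then return one dict per log entry."""
    flat = " ".join(text.split())  # collapse line breaks and runs of spaces
    return [m.groupdict() for m in ENTRY.finditer(flat)]


def summarize(entries):
    """Per source: (address, denied count, address kind, destination ports)."""
    counts = Counter()
    ports = defaultdict(set)
    for e in entries:
        if e["action"] == "deny":
            counts[e["src"]] += 1
            ports[e["src"]].add(int(e["dport"]))
    report = []
    for src, n in counts.most_common():
        ip = ipaddress.ip_address(src)
        # Check link-local first: Python also reports 169.254.0.0/16 as private.
        kind = "link-local" if ip.is_link_local else "private" if ip.is_private else "public"
        report.append((src, n, kind, sorted(ports[src])))
    return report


if __name__ == "__main__":
    for row in summarize(parse(SAMPLE)):
        print(row)
```
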



