[Dshield] Scanning from 127.0.0.1

warpmedia warpmedia at comcast.net
Fri Sep 26 09:25:23 GMT 2003


Well, they certainly should not be routing private IP ranges in and out 
their routers. On the same token then should not let a packet leave that 
claims to originate outside their IP space. I know that I don't, that was 
lesson #1 when I setup my firewall.

What is need is more MSBlasters and news coverage that beats to death the 
reason it's possible. Of course the knee jerk reaction of the industry will 
be the draconian port blocking we have so far. Worse, since it work's, that 
we be how it's done from that point forward no matter who complains it 
blocks something legit.

We're in fro a bumpy ride either way!

At 20:35 9/25/2003, Jon R. Kibler wrote:
>Its simple: The remote IP is spoofed.
>
>As I said in my RANT on RBLs, if ISPs were to do even brain dead packet 
>filtering, we wouldn't have this problem.
>
>To answer your semi-question directly: Clearly, your ISP is ***NOT*** 
>repeat ***NOT*** doing their job properly. In fact, they are not even 
>doing a half A-ed job!
>
>Write the editor of your local paper and complain about how lame your ISP 
>is and how they are leaving you wide open to attack from virtually 
>untraceable sources.
>
>"The squeaky wheels get the grease."
>
>I am convinced that they only way that this group is ever going to have a 
>serious impact on network security (other than protecting our own rears) 
>is if we complain long and loud to the local media about every serious 
>security breech that would otherwise go unnoticed.
>
>We all need to become VERY NOISY squeaky wheels!

Joshua MacCraw
warpmedia at comcast.net
http://mywebpages.comcast.net/jmaccraw 




More information about the list mailing list