[Dshield] routing 192.168...?

Jim McCullough jim.mccullough at gmail.com
Mon May 2 06:43:15 GMT 2005


This is very possible.  Several scripts were available at one point in
time on multiple distribution sites across the internet in the
1997-1999 time frame.  These scripts could combine multiple attacks
such as teardrop, newtear, and ping of death with an option to supply
extra parameters into the packet.  Also included was an option to
include a spoof address into the packet sent.  Most of the script
kiddies will try to spoof their source address ( if worth half their
weight in salt ).  Only a truely "noob" kiddie would use their own ip
address.  Is it still a concern?  For some embedded OS devices it is. 
I know of several instances where MSDOS and OS2 are still in use for
production machinery.  These systems dont have patches applied very
often and are subject to remote attacks.  This is the main reason we
still see signature for attacks that are out of major circulation
being used.

Jim McCullough

On 5/2/05, Daniel Cherton <dcherton at aei.ca> wrote:
> Hi Mark,
> 
> I am not absolutely sure but, since it is a home network and I am using
> router/firewall and ZoneAlarm in every
> computer, I think it is coming from outside. I check setup and logs from
> ZoneAlarm and found nothing going out.
> Can it still be possible ?
> 
> Daniel
> 
> Mark Owen wrote:
> 
> >> Ping of Death Detect src:192.168.1.10:2961 dst:my-internet-ip:42617 Packet Dropped
> >>
> >>
> >
> >Are you sure it came from the untrust and not an internal network?
> >
> >--
> >Mark Owen
> >
> >-------------- Sponsor Message ------------------------------------
> >Join us at SANSFIRE 2005 in Atlanta!
> >The Internet Storm Center Conference.
> >Details: http://www.sans.org/sansfire2005
> >
> >_______________________________________________
> >send all posts to list at lists.dshield.org
> >To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> >
> >
> >
> >
> >
> 
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.308 / Virus Database: 266.11.0 - Release Date: 4/29/2005
> 
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list