[unisog] Windows Update

hermit921 hermit921 at yahoo.com
Thu Aug 14 20:29:17 GMT 2003


We have a list of valid internal subnets on a border firewall/router, so IP 
addresses from subnets not in use show up as spoofed.  Usual router setups 
probably wouldn't have this detail.  I am sure a lot of the packets were 
spoofed to valid subnets, too.

hermit921

At 04:05 PM 8/14/2003 -0400, Joel Gridley wrote:

>If I remember my anti-spoofing correctly, your routers will still
>pass the traffic since they would normally see those addresses
>on those interfaces. The msblast infected hosts spoof local subnet
>addresses, which wouldn't appear as 'spoofed' addresses to the
>router.
>
>-j
>
>
> >  So in theory if you have anti-spoofing enabled on your router
> >  interfaces, it should block a significant portion of the traffic.
> >
> > --
> >  John Meyers
> >  Computing Services
> >  Wright State University
> >



More information about the unisog mailing list