[unisog] ICMP Worm activity?

Kang Liu liukang at bjpu.edu.cn
Tue Nov 23 04:58:36 GMT 2004


Have you tried "Unicast Reverse Path Forwarding"? I mean if you're using
devices from Cisco. I think it could prevent almost all kinds of source
spoofed attack.

> -----Original Message-----
> From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of DelVecchio, Anthony R.
> Sent: Tuesday, November 23, 2004 5:55 AM
> To: 'UNIversity Security Operations Group'
> Subject: RE: [unisog] ICMP Worm activity?
> 
> The source addresses and the destination addresses are not ours.
> Fortuntely
> I don't let source spoofed addresses off campus.  Right now I'm moving my
> anti-spoof ACL from vlan to vlan in hopes that I can find the network the
> traffic is coming from.
> 
> With my luck, it's probably one of our law students with a compromised
> notebook and the student will leave before I get a bead on it.
> 
> 
> >
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog





More information about the unisog mailing list