Tracking stealth portscan/pepsi attacks
Jonas Luster jonas at qad.org
Thu Sep 2 11:28:55 CEST 1999
[ Quoting Leigh Porter <leigh at insnet.net> ]: > As a side note, does anybody use anything to prevent address spoofing in their > network? That would at prevent a lot of attacks completly and make tracing the > rest much easier. We're in a switched network so Spoofing is only possible by ARP-Hijackiking. To prevent such attacks I've coupled Arpwatch, Hunt and some selfmade tools to inject NULL-Routes against any source of more than 30 Flip-Flops in a given time. Until now I only had one false positive and three false negatives. jonas
[ lir-wg Archives ]