Tracking stealth portscan/pepsi attacks
Gert Doering, Netmaster netmaster at space.net
Thu Sep 2 11:44:12 CEST 1999
Hi, On Thu, Sep 02, 1999 at 10:44:39AM +0100, Leigh Porter wrote: > As a side note, does anybody use anything to prevent address spoofing in their > network? That would at prevent a lot of attacks completly and make tracing the > rest much easier. Sure we do. On our ingress interfaces to our customers, we have very strict access lists ("permit ip <customer net> any / deny ip any any log"). On our external interfaces from our upstreams we deny packets with a source address coming from one our network blocks. Interesting enough, we don't observe many attacks - what we do see is LOTS of broken end user configurations (leaking RFC 1918 networks, customers leaking IP addresses from other ISPs, ...). Gert Doering -- NetMaster -- SpaceNet GmbH Mail: netmaster at Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
[ lir-wg Archives ]