Tracking stealth portscan/pepsi attacks
Gert Doering, Netmaster netmaster at space.net
Thu Sep 2 11:44:12 CEST 1999
Hi,
On Thu, Sep 02, 1999 at 10:44:39AM +0100, Leigh Porter wrote:
> As a side note, does anybody use anything to prevent address spoofing in their
> network? That would at prevent a lot of attacks completly and make tracing the
> rest much easier.
Sure we do.
On our ingress interfaces to our customers, we have very strict access
lists ("permit ip <customer net> any / deny ip any any log").
On our external interfaces from our upstreams we deny packets with a
source address coming from one our network blocks.
Interesting enough, we don't observe many attacks - what we do see is
LOTS of broken end user configurations (leaking RFC 1918 networks,
customers leaking IP addresses from other ISPs, ...).
Gert Doering
-- NetMaster
--
SpaceNet GmbH Mail: netmaster at Space.Net
Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0
80807 Muenchen Fax : +49-89-32356-299
[ lir-wg Archives ]