Tracking stealth portscan/pepsi attacks

In message <19990902114412.S13951 at Space.Net>, "Gert Doering, Netmaster" writes:

>Interesting enough, we don't observe many attacks - what we do see is
>LOTS of broken end user configurations (leaking RFC 1918 networks, 
>customers leaking IP addresses from other ISPs, ...).

Talk about it.  I don't log RFC1918 addresses anymore I just drop
them.  Some cheap NAT routers don't NAT UDP just pass it through.

Most spoofed src attacks I've heard about happen from hi-jacked
servers, so remember filters on your server parks too, in particular
for co-hosted servers.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk at FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!