Tracking stealth portscan/pepsi attacks
Poul-Henning Kamp phk at critter.freebsd.dk
Fri Sep 3 14:32:20 CEST 1999
In message <19990902114412.S13951 at Space.Net>, "Gert Doering, Netmaster" writes: >Interesting enough, we don't observe many attacks - what we do see is >LOTS of broken end user configurations (leaking RFC 1918 networks, >customers leaking IP addresses from other ISPs, ...). Talk about it. I don't log RFC1918 addresses anymore I just drop them. Some cheap NAT routers don't NAT UDP just pass it through. Most spoofed src attacks I've heard about happen from hi-jacked servers, so remember filters on your server parks too, in particular for co-hosted servers. -- Poul-Henning Kamp FreeBSD coreteam member phk at FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far!
[ lir-wg Archives ]