[plug] Spoofed packets
McMeikan, Andrew
andrew.mcmeikan at mitswa.com.au
Thu Jun 1 15:22:47 WST 2000
Interesting,
I did not think that a 192.168 would resolve to anything either
[rs.internic.net]
Server Name: NS.MDSOLUTIONS.ORG
IP Address: 192.168.1.6
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: www.register.com
an alternative is that there is some hardware on your network somewhere
doing it.
cya, Andrew...
> -----Original Message-----
> From: Earnshaw, Mike [SMTP:earnshawm at wa.switch.aust.com]
> Sent: Thursday, June 01, 2000 3:06 PM
> To: PLUG (E-mail)
> Subject: [plug] Spoofed packets
>
> List,
>
> Monitoring the logs recently I see lots of attempts from 192.168.1.6:80
> to weird ports (>62k) on our ISP permanent assigned IP. Showing my
> ignorance, I assume these are spoofed packets since they are the private
> C which should be dropped?
>
> I traceroute the number and it goes back to somewhere in Melbourne
> before I loose it.
>
> Most of these "attacks" come in the middle of the night. Is there a way
> (is it worth it?) that I can catch the "real" person and follow it back?
>
> I'm just paranoid about somebody getting in and want to slap them with a
> rotten dead fish or something ....
>
> Thanks
>
> ------------------------------------------------------------------------
> ----
> Mike Earnshaw | "It don't mean a thing if | e-mail in header
> Computer Systems | you cain't get that Ping...." | Tel: +61 8 9256
> 1099
> Support | Duke Ellington, 1932 | Fax: +61 8 9256
> 1199
> ------------------------------------------------------------------------
> ----
> Union Switch & Signal, 24 Bannick Court, Canning Vale, WA 6155,
> Australia
> ------------------------------------------------------------------------
> ----
More information about the plug
mailing list