[plug] Spoofed packets

McMeikan, Andrew andrew.mcmeikan at mitswa.com.au
Thu Jun 1 15:22:47 WST 2000


Interesting,
	I did not think that a 192.168 would resolve to anything either

[rs.internic.net]
   Server Name: NS.MDSOLUTIONS.ORG
   IP Address: 192.168.1.6
   Registrar: REGISTER.COM, INC.
   Whois Server: whois.register.com
   Referral URL: www.register.com

an alternative is that there is some hardware on your network somewhere
doing it.

	cya,	Andrew...

> -----Original Message-----
> From:	Earnshaw, Mike [SMTP:earnshawm at wa.switch.aust.com]
> Sent:	Thursday, June 01, 2000 3:06 PM
> To:	PLUG (E-mail)
> Subject:	[plug] Spoofed packets
> 
> List,
> 
> Monitoring the logs recently I see lots of attempts from 192.168.1.6:80
> to weird ports (>62k) on our ISP permanent assigned IP. Showing my
> ignorance, I assume these are spoofed packets since they are the private
> C which should be dropped?
> 
> I traceroute the number and it goes back to somewhere in Melbourne
> before I loose it.
> 
> Most of these "attacks" come in the middle of the night. Is there a way
> (is it worth it?) that I can catch the "real" person and follow it back?
> 
> I'm just paranoid about somebody getting in and want to slap them with a
> rotten dead fish or something ....
> 
> Thanks
> 
> ------------------------------------------------------------------------
> ----
> Mike Earnshaw       | "It don't mean a thing if     | e-mail in header
> Computer Systems    | you cain't get that Ping...." | Tel: +61 8 9256
> 1099
>   Support           |    Duke Ellington, 1932       | Fax: +61 8 9256
> 1199
> ------------------------------------------------------------------------
> ----
> Union Switch & Signal, 24 Bannick Court, Canning Vale, WA 6155,
> Australia
> ------------------------------------------------------------------------
> ----



More information about the plug mailing list