RE: weird connection attempt

To: "Hal" <Klingons@speakeasy.org>, <debian-security@lists.debian.org>
Subject: RE: weird connection attempt
From: "Howland, Curtis" <howlandc@kvh.co.jp>
Date: Fri, 15 Mar 2002 09:01:58 +0900
Message-id: <[🔎] FBBD2DD3FF1ECA42817E762126D2FB0E05CAAA@jpkvhms2.tel.kvh.co.jp>

Many ISP's do not know enough to filter the RFC1918 space, or only do so on the border routers and not internally.

Another good idea is to filter out-going packets by source address, allowing through only those whose source is supposed to be inside the network.

Anything with a source of address which is RFC1918 is suspect.

> I run a potato server on an ethernet behind a firewall 
> connected by dsl to the internet.  The only service exposed 
> is ftp,  In the middle of last night ippl reported an ftp 
> connection attempt from 192.168.1,1   The network behind my 
> firewall uses 192.168.75.xx addressses for one Redhat and a 
> couple of Windows machines as well as the debian ftp server.  
> Any idea where the 192.168.1.1 attempt is coming from?  Is it 
> likely to have been spoofed over the internet as part of an attack?
> 
> -- 
> ---> Hal <---->  klingons@speakeasy.org <---

Reply to:

Prev by Date: Re: wierd connection attempt
Next by Date: Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow
Previous by thread: package-numbering
Next by thread: zlib && MALLOC_CHECK
Index(es):
- Date
- Thread