that will only stop spoofed packets from leaving your network. It wouldnt stop
the spoofed packets from DDOSing you to pieces.
that will only stop spoofed packets from leaving your network. It wouldnt stop
the spoofed packets from DDOSing you to pieces.
yeah I know. It was just a reference I came across. If implemented on a network it would prevent ppl from being annoying to others.Originally Posted by pogi_2nr
Jamrock, I still dont understand how a packet with destination 10.0.0.255 would be routed on the net to your machine. I didnt come across anything to suggest this.
The paranoia is reaching to Jamrock there
Clearly somebody hacked his isp and is routing those packets to him .
It is my understanding that addresses can be spoofed. One of the basic rules in a firewall script is to check for i.p. addresses orginating outside the machine that claim to be coming from the machine itself.Jamrock, I still dont understand how a packet with destination 10.0.0.255 would be routed on the net to your machine. I didnt come across anything to suggest this.
I cannot tell you how it is being done. I can only say that my firewall's logs say that these addresses are being blocked.
Hey Gillion. What is your take on this?
Perhaps... Perhaps not... When was the last time you reviewed your firewall's logs?The paranoia is reaching to Jamrock there
Have you seen anything interesting in your logs?Anyhow! I think I'll take that advice, I'll hold off the clients and watch the firewall logs for sometime.
nope, nothing interesting! not even an anonymous ping. Its only been going for a week though, think im going to observe for another week.Originally Posted by jamrock
Double check your firewall rules. Make sure your firewall is logging packets and not just dropping them.
OK.. I think its configured to log everything. To be sure I'll hit it with stuff from work and check it later.
Did some probes on the firewall from work. Tried to abuse it as much as I could, I saw most of the abuse in the logs. I havn't tried any penetration attacks was too bored to bother.
EDIT:
I forgot, I will be using nessus to do some more detailed probing later. Maybe I should install those sever apps while trying this, or maybe I should try a before and after test. With the before being without the samba and all. In any case u'll know my finds.
Last edited by leoandru; Jan 5, 2006 at 12:17 AM.
Will this box be up 24/7?
we should link up via gre
yeah its on 24/7 its the network router.. (that reminds me that I need to get a silent fan for it).Originally Posted by pogi_2nr
gre ? Heard about it before but never used it (some tunneling protocol right?).