Routing Help!

**pogi_2nr** · Jan 3, 2006, 08:14 AM

that will only stop spoofed packets from leaving your network. It wouldnt stop
the spoofed packets from DDOSing you to pieces.

**leoandru** · Jan 3, 2006, 08:32 AM

Originally Posted by pogi_2nr

that will only stop spoofed packets from leaving your network. It wouldnt stop
the spoofed packets from DDOSing you to pieces.

yeah I know. It was just a reference I came across. If implemented on a network it would prevent ppl from being annoying to others.

Jamrock, I still dont understand how a packet with destination 10.0.0.255 would be routed on the net to your machine. I didnt come across anything to suggest this.

**pogi_2nr** · Jan 3, 2006, 08:43 AM

The paranoia is reaching to Jamrock there

Clearly somebody hacked his isp and is routing those packets to him

.

**jamrock** · Jan 3, 2006, 09:21 PM

Jamrock, I still dont understand how a packet with destination 10.0.0.255 would be routed on the net to your machine. I didnt come across anything to suggest this.

It is my understanding that addresses can be spoofed. One of the basic rules in a firewall script is to check for i.p. addresses orginating outside the machine that claim to be coming from the machine itself.

I cannot tell you how it is being done. I can only say that my firewall's logs say that these addresses are being blocked.

Hey Gillion. What is your take on this?

The paranoia is reaching to Jamrock there

Perhaps... Perhaps not... When was the last time you reviewed your firewall's logs?

Anyhow! I think I'll take that advice, I'll hold off the clients and watch the firewall logs for sometime.

Have you seen anything interesting in your logs?

**leoandru** · Jan 3, 2006, 10:46 PM

Originally Posted by jamrock

Have you seen anything interesting in your logs?

nope, nothing interesting! not even an anonymous ping. Its only been going for a week though, think im going to observe for another week.

**jamrock** · Jan 4, 2006, 12:21 AM

Double check your firewall rules. Make sure your firewall is logging packets and not just dropping them.

**leoandru** · Jan 4, 2006, 10:17 AM

OK.. I think its configured to log everything. To be sure I'll hit it with stuff from work and check it later.

**leoandru** · Jan 4, 2006, 11:37 PM

Did some probes on the firewall from work. Tried to abuse it as much as I could, I saw most of the abuse in the logs. I havn't tried any penetration attacks was too bored to bother.

EDIT:

I forgot, I will be using nessus to do some more detailed probing later. Maybe I should install those sever apps while trying this, or maybe I should try a before and after test. With the before being without the samba and all. In any case u'll know my finds.

**pogi_2nr** · Jan 5, 2006, 08:26 AM

Will this box be up 24/7?

we should link up via gre

**leoandru** · Jan 5, 2006, 10:23 AM

Originally Posted by pogi_2nr

Will this box be up 24/7?

we should link up via gre

yeah its on 24/7 its the network router.. (that reminds me that I need to get a silent fan for it).
gre ? Heard about it before but never used it (some tunneling protocol right?).

Thread: Routing Help!

Thread Tools

Posting Permissions

Options

About

Social Media