[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Spoofing Issue
-----BEGIN PGP SIGNED MESSAGE----- Hi, > You get the picture. My anti-spoofing rules are dropping this traffic but > is there an easy (or not so easy) way to determine the real source > address? > Do I need to place a sniffer on the outside and capture the traffic or can > I > get this info from the firewall somehow? You can trace all the traffic with packetsniffer like windump or tcpdump (depending on your OS) and search for Packets wiht the same destination and protocol but a different IP. My supposition is. There was a attacker who used nmap and sended you some packets with faked sourceadress. This is normal today. regards Thomas -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOtKnnGF+JhyEltoZAQFspgf/aL1OJfT1zAemlXicybM4nE5xHDr6nzMa uvc18jbga/j5LhiiQh2o2jk3xO1XkWfVU9i16BzYnKZ/xAD/76dofm1lFVpxVDgl Jyb1jSladp+qSJ5a/de0Kr70GBHDgPCfCECjNwB6br9XYtqFcq5+UrWqJpz2KaWc eNQARVxNpisVPnG0EX14cqe8yzDOsOQlupktRiIi+uomvcZFlbiV6qzH6tG9jG03 MyMDCAJep3Y2uZv47NqPnMAEYG/AspXLrlKonvjDNL2Og+tDlzTdxGEvGHZ8rOuP zNNhK5efegsh9kcZnA+k/syNZsEzggUWTs0JlLkbN0jK8hBR+D518A== =MsGo -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|