On Tue, 2001-10-23 at 21:43, [EMAIL PROTECTED] wrote:
> Dennis Glatting wrote:
> >
> > I was looking through my firewall logs and found this gem:
> >
> > Oct 17 03:43:33 btw /kernel: Oct 17 03:41:34 btw /kernel:
> > ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.146:1115
> > in via xl1
> >
> >
> I haven't used ipfw in a while; I assume this means that the source of
> the packet was the 12 address and the destination was your printer,
> and it came from outside your firewall, right?
>

Correct. I checked my logs and I had a hit from the same source against
an unused IP address a few days earlier.

> If this is the case, there is a much simpler explanation: someone is
> attacking the web server at 12.1.224.109 using fake IP addresses; the
> server is responding to the source address of the packet, and you
> catch it.
>
> /ji
>
> --
>  /\  ASCII ribbon  |  John "JI" Ioannidis * Secure Systems Research Department
>  \/  campaign      |  AT&T Labs - Research * Florham Park, NJ 07932 * USA
>  /\  against       |  "Intellectuals trying to out-intellectual
> /  \ HTML email.   |   other intellectuals" (Fritz the Cat)
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
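
The explanation given in the thread (replies from a server answering spoofed-source packets, landing on addresses that never opened a connection) can be checked against ipfw logs with a small filter. This is an added example, not part of the original messages: the port heuristic, the `dark_addrs` parameter, the address 206.129.5.200 and every sample line except the first are assumptions or constructed values.

```python
import re
from collections import defaultdict

# ipfw log body as shown in the thread:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <if>
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# First entry is the line quoted in the thread; the other three are constructed.
SAMPLE_LOG = [
    "Oct 17 03:43:33 btw /kernel: Oct 17 03:41:34 btw /kernel: "
    "ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.146:1115 in via xl1",
    "Oct 14 22:10:02 btw /kernel: ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.200:2044 in via xl1",
    "Oct 17 04:02:11 btw /kernel: ipfw: 7900 Deny TCP 198.51.100.7:40211 206.129.5.146:25 in via xl1",
    "Oct 17 04:05:40 btw /kernel: ipfw: 7950 Deny TCP 206.129.5.146:1200 203.0.113.9:80 out via xl1",
]

def backscatter_candidates(lines, dark_addrs=frozenset()):
    """Group inbound packets that look like server replies to traffic we never sent.

    Heuristic (an assumption of this example): inbound TCP from a well-known
    service port (<1024) to an ephemeral port (>=1024). A late reply on a
    legitimately closed connection matches too, so a hit is only marked
    'strong' when the destination is in dark_addrs, i.e. an address with no
    host behind it that could have opened the connection.
    """
    hits = defaultdict(lambda: {"count": 0, "dsts": set(), "strong": False})
    for line in lines:
        m = IPFW_RE.search(line)
        if not m or m["dir"] != "in" or m["proto"] != "TCP":
            continue
        if int(m["sport"]) >= 1024 or int(m["dport"]) < 1024:
            continue  # looks like a client-initiated packet, not a server reply
        h = hits[(m["src"], int(m["sport"]))]
        h["count"] += 1
        h["dsts"].add(m["dst"])
        h["strong"] = h["strong"] or (m["dst"] in dark_addrs)
    return dict(hits)

if __name__ == "__main__":
    # 206.129.5.200 stands in for the unused address mentioned in the reply.
    for (src, port), h in backscatter_candidates(SAMPLE_LOG, {"206.129.5.200"}).items():
        print(src, port, h["count"], sorted(h["dsts"]), "strong" if h["strong"] else "weak")
```
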
