"Jarmoc, Jeff" wrote:
>
> I'd take this a step further, see if your upstream provider can block the
> IPs. Blocking them yourself keeps them from hitting your network, but they
> still traverse your circuit.
That's the first step.
For the second step I suggest to review your IP Spoofing configuration.
Usually the most simple configuration is having "This net" for internal
interface and "Others" for external interface.
About the connections? What kind of connections are? (ICMP/TCP/UDP)
What ports are being used? (telnet, 31337, 12345, ... ? )
It's very important also to notify the destination network manager
(use WHOIS database or SOA records in DNS) that you're not the real
origin for such attack and that He/She must verify their firewall/IDS
records in order to try to protect their network also...
Regards.
-- M. Hoz
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
