On Wed, Dec 21, 2011 at 2:12 PM, David Miller <[email protected]> wrote:
> On 12/21/2011 2:03 PM, [email protected] wrote:
>>>
>>> We discover there are so many (source) ip not belonging to our network
>>> to go to outside.
>>>
>>> We can block it but don't know how to locate the source.
>>>
>>> Any tools can be easily found out.
>>
>> http://lmgtfy.com/?q=unicast+rpf
>>
>> Steinar Haug, Nethelp consulting, [email protected]
>>
>
> Also - http://lmgtfy.com/?q=tracing+spoofed+source+on+network
>
> Which get you to some strategies for finding the source(s) on your network
> (which I believe was the OP's question). Including:
> http://www.csm.ornl.gov/~dunigan/oci/bktrk.html
> http://www.cymru.com/Documents/tracking-spoofed.html

also, of course netflow... which I think Deric has asked about in the past?

