[Snort-users] Re: port 0 packets from bogon networks
joe at ...3851...
Fri Nov 23 10:49:04 EST 2001
I know this isn't the NIDS helpline, but I am seeing a lot more of this sort of packet than usual. I stop them at the edge router with an ACL (per Rob Thomas) but I've never seen much action from this list. Today I am seeing a bunch and am just curious is anyone else is getting some action? Maybe something's up, maybe I just ate too much yesterday. (maybe both?)
I normally would associate anything with a bad return address as some sort of DOS, but is there anything else you'd do to someone else from a spoofed &/or unroutable IP?
A quick google yielded this http://www.sans.org/y2k/120700-1700.htm which had some good points (perhaps it's someone trying to spoof my internal IP's.. except they are way way off.)
More information about the Snort-users