On Mit, 23 Okt 2002, Raymond Leach wrote:
Could be something like a smurf attack. A workstation pretending to be all the addresses on the network ....
Right, we have those "martian source" loggings on the external interface at our inner FW, too ;)
But it also can come from the inner network, when you configure a machine on the same hub/switch with different Network-Adresses (eg: you have 192.168.0.0/24, but your normal network have 10.0.0.0/24) is there a possibility to find out? is there a small tool somewhere around?
These times i cant see any security related problems at all - but any comments are welcome... i found a lot of entries on google, unfortunately i am not a technician so it was not really helpful...see http://www.geocrawler.com/archives/3/287/2000/8/0/4275081/ http://boudicca.tux.org/mhonarc/ma-linux/2001-Jan/msg00370.html ..perhaps a little helper...thanx for ur help!
Greetings, -- Jörg Henner Fon: +49 (7 11) 48 90 83 - 0 ETES - EDV-Systemhaus GbR Fax: +49 (7 11) 48 90 83 - 50 Libanonstrasse 58 A * D-70184 Stuttgart Web: http://www.etes.de