--- Received from RVIDOI.BUNTERMA 04 72 96 57 77 04/03/02 10.14

For troubleshooting network issues I usually do the three things below first.
Note that this is not just for determining if the address is spoofed.

ping - is it routable, can it respond, is it alive
traceroute - how do I get there, what is the last box before the target
nslookup - who is it

Also try with hostname if/when you get it.

If your corporate firewall doesn't allow traceroute, ping and the rest
through from your PC, try samspade.org for answers.

I would also ask the firewall guys if this traffic is coming from outside.

Matt

----------------------------------------------------------------------------
Date: Sun, 3 Mar 2002 14:25:54 -0000
Subject: Re: SYN Flood ?

> Hi
>
> Sorry if this question is too newbieish. I am looking for a way to trace a
> spoofed IP address ?
>
> Mar 3 01:43:49 localhost kernel: PUB_IN DROP 4 IN=ppp0 OUT= MAC=
> SRC=66.33.88.30 DST=196.34.156.130 LEN=60 TOS=0x00 PREC=0x40 TTL=47
> ID=27502 DF PROTO=TCP SPT=3611 DPT=113 WINDOW=32120 RES=0x00 SYN URGP=0

Hi, do you talk to the host 66.33.88.30 at all? This could be normal
traffic; it could just be trying to do an ident lookup.

James

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
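Added example, not part of the thread or written by its posters: a small parser for the netfilter LOG entry quoted above that counts bare SYNs per destination port, showing why one SYN to port 113 reads as an ident lookup and not a flood. The burst of port-80 entries, the function names and the threshold of 20 are assumptions made for illustration.

```python
from collections import Counter

# Log entry quoted in the thread, joined onto one line.
THREAD_LINE = (
    "Mar 3 01:43:49 localhost kernel: PUB_IN DROP 4 IN=ppp0 OUT= MAC= "
    "SRC=66.33.88.30 DST=196.34.156.130 LEN=60 TOS=0x00 PREC=0x40 TTL=47 "
    "ID=27502 DF PROTO=TCP SPT=3611 DPT=113 WINDOW=32120 RES=0x00 SYN URGP=0")
# Constructed burst for contrast (documentation addresses, not from the thread).
BURST = [THREAD_LINE.replace("66.33.88.30", f"198.51.100.{i}")
                    .replace("DPT=113", "DPT=80") for i in range(1, 31)]
SAMPLE_LOG = "\n".join([THREAD_LINE] + BURST)

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
IDENT_PORT = 113  # ident/auth service (RFC 1413)

def parse_line(line):
    """Return (fields, tcp_flags) for a netfilter LOG entry, else None."""
    start = line.find(" IN=")  # text before IN= is the admin-chosen log prefix
    if start < 0:
        return None
    fields, flags = {}, set()
    for tok in line[start:].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val          # KEY=value pair such as SRC=, DPT=
        elif tok in TCP_FLAGS:
            flags.add(tok)             # bare token such as SYN; DF is ignored
    return fields, flags

def triage(log_text, flood_threshold=20):
    """Per destination port: (bare SYN count, distinct sources, label)."""
    syns, sources = Counter(), {}
    for fields, flags in filter(None, map(parse_line, log_text.splitlines())):
        if fields.get("PROTO") != "TCP" or flags != {"SYN"} or "DPT" not in fields:
            continue
        dpt = int(fields["DPT"])
        syns[dpt] += 1
        sources.setdefault(dpt, set()).add(fields.get("SRC"))
    report = {}
    for dpt, n in syns.items():
        # The threshold is an assumed cut-off; tune it to the log window.
        label = ("possible SYN flood" if n >= flood_threshold
                 else "likely ident lookup" if dpt == IDENT_PORT
                 else "isolated connection attempt")
        report[dpt] = (n, len(sources[dpt]), label)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The count covers the whole input, so feed it a bounded time slice of the log when applying the threshold.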