+ Reply to Thread
Results 1 to 7 of 7

Thread: Spoof Attack

  1. May 4th, 2004 04:55 PM #1
    AngelicKnight
    AngelicKnight is offline
    AO Autobot AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight's Avatar
    Join Date
    Aug 2003
    Posts
    2,368

    Question Spoof Attack

    I was checking my SonicWall log, and this turned up:

    05/03/2004 18:07:28.048 FTP: PASV response spoof attack dropped
    Source: 192.165.218.22, 21, WAN
    Destination: 192.168.1.33, 3443, LAN

    So what appears to be going on here? Is someone trying to spoof me?
    The forums are back!
    www.jameswebsite.net
    Reply With Quote Reply With Quote
  2. May 4th, 2004 05:44 PM #2
    cacosapo
    cacosapo is offline
    Senior Member cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute
    Join Date
    Apr 2004
    Posts
    1,130
    is just ur firewall alerting u that an attack was detect and defeated. i advise u to ignore, since there are tons of attacks per second and its is impossible to seek out each one (except maybe is it is reocurring)
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
    Reply With Quote Reply With Quote
  3. May 4th, 2004 06:15 PM #3
    Info Tech Geek
    Info Tech Geek is offline
    Senior Member Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Here is a great resource. Should answer all of your questions.

    http://www.sonicwall.com/services/pd...events_ref.pdf

    *IP Spoof Detected - A packet with a source IP address and arriving at an interface that conflicts with the SonicWALL route table was detected and rejected by the SonicWALL.
    Reply With Quote Reply With Quote
  4. May 5th, 2004 02:59 AM #4
    KorpDeath
    KorpDeath is offline
    Priapistic Monk KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Don't fret unless you can put it together with other attacks, false positives are a dime a dozen.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
    Reply With Quote Reply With Quote
  5. May 5th, 2004 02:59 AM #5
    KorpDeath
    KorpDeath is offline
    Priapistic Monk KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath has a reputation beyond repute KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Don't fret unless you can put it together with other attacks, false positives are a dime a dozen.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
    Reply With Quote Reply With Quote
  6. May 5th, 2004 04:50 PM #6
    AngelicKnight
    AngelicKnight is offline
    AO Autobot AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight's Avatar
    Join Date
    Aug 2003
    Posts
    2,368
    Thanks InfoTech, that's exactly what I needed.

    Well, it turns out it was our other tech guru who was the FTP that was blocked out, so all is well. That was a good lesson in log analysis nonetheless.
    The forums are back!
    www.jameswebsite.net
    Reply With Quote Reply With Quote
  7. May 5th, 2004 04:50 PM #7
    AngelicKnight
    AngelicKnight is offline
    AO Autobot AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight's Avatar
    Join Date
    Aug 2003
    Posts
    2,368
    Thanks InfoTech, that's exactly what I needed.

    Well, it turns out it was our other tech guru who was the FTP that was blocked out, so all is well. That was a good lesson in log analysis nonetheless.
    The forums are back!
    www.jameswebsite.net
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides