Were the packets originating from within your local network, or was it a case of packets from outside masquerading using reserved addresses?

On 14 May 2010 22:28, aki <aki275@googlemail.com> wrote:
Glad to read that! phew. :-)   Check out the traffic that the source
is generating and see its interest in your network. Then leave a small
window open to it, possibly 32 bytes enough to run a ping packet.
Since your network may not be busy at night, it is easier to identify
the cause. Whatever opened up your network and say the local
computer/device logs on in the morning, the spoof will become active
again, this time they cannot openly move in your network looking for
shared folders or weak passwords due to byte limit. Gives you enough
time to fix the situation, but I cannot stress enough that your
network is in a critical state so anything that is pending patches or
updates is a target. Good luck.

On Fri, May 14, 2010 at 10:00 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
> I blocked them on iptables... but I'm still investigating.
>
> On 14 May 2010 21:58, aki <aki275@googlemail.com> wrote:
>>
>> Hey Simon, I hope you know how urgent and critical your network
>> situation is. I'd not wait until Monday. Anyway, it's up to you to
>> understand the real risk the spoof is carrying since you manage your
>> network. Personally, I'd already have shut down the reserved subnets
>> as I wrote earlier. HTHs.
>>
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks