Hi aki, The interesting thing is that the spoofing computer appears to be in my LAN because it's accessing the firewall through the internal interface. I did a packet sniff using wireshark on "ip.src == 10.230.0.63" and got the ethernet address, then did another scan with the expression "ethernet.src == wh.at.i.got" and I got different LAN IP addresses... do I have a botnet or what?? The ethernet address is for a 3Com device. I have 3Com switches in my LAN. But 3Com switches aren't configured with IP addresses etc... unless 3COM themselves hardwired the configurations onto the devices... Anyway, my investigations continue on Monday. Let me know what you think. Me. On 14 May 2010 20:38, aki <aki275@googlemail.com> wrote:
@Simon, incase you are wondering how I picked up the ipspoof quickly, I ran into such a situation a few years ago and it took me some hours to figure out what was happening including setting up an packet analysis. Since then if I ever setup a network, all reserved subnets on public wan are blocked.
@Wash, sawa point taken. :-) just wanted to let others on the list contribute because there was a recent stage where listers were not okay with content discussed. But I always try and catchup on mails that need attention. Sorry did not respond to your subnet question but others had already responded well.
On Fri, May 14, 2010 at 2:53 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Even from the grave, Aki, you cannot afford to miss the list for a month:) And you always chip in at the needed moment. Hizi siasa za hibernate achana nayo!!! --
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke