Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISSForum] All Zeros Packet capture

from [Chris Norris/AMIG] Network Security [Permanent Link]
Subject: [ISSForum] All Zeros Packet capture
Date: Thu, 26 May 2005 08:28:31 -0400 
All,

      We've seen a small amount of activity that looks like a PC might be
spoofing and IP of 0.0.0.0. My desire is to setup our sensors to log those
packets in hopes of revealing the MAC address that they are originating
from. I have the firewall filter setup in our ProventiaG for that but I'm
not sure how to accomplish this on the Proventia_A201 devices. I need to
get them all to log/capture these packets because I want to track this down
before I have the network team implement anti-spoofing filters on all the
router interfaces.

      It would be nice if there was a signature for spoofed addresses. If
there is I have missed it but there's no good way to search through all the
XPUs and the search feature seemed to break as it stops on the first match.
There needs to be a "find next" because unless I know the exact name of a
signature it doesn't help.

Regards,
Chris Norris CISSP

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISSForum] All Zeros Packet capture, Chris Norris/AMIG <=
Previous by Date:  RE: [ISSForum] Alert on sensor "Not Responding", Kaylor, Adrian \(ISS Atlanta\)
Next by Date:  RE: [ISSForum] Alert on sensor "Not Responding", Lewis, Eric \(ISS Herndon\)
Previous by Thread:  [ISSForum] Alert on sensor "Not Responding", Nicholas Cross
Next by Thread:  [ISSForum] SiteProtector user login auditing, Tim Beatty
Indexes:  [Date] [Thread] [Top] [All Lists]