Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Localhost packets on WAN

from [Frank Knobbe] Network Security [Permanent Link]
Subject: RE: Localhost packets on WAN
Date: Thu, 30 Sep 2004 16:39:30 -0500 
On Thu, 2004-09-30 at 10:00, NESTING, DAVID M (SBCSI) wrote:

Frequently, when the source port is 80 and the destination port is
"ephemeral", I find problems like this are usually caused by buggy or
misconfigured load balancers in front of a web site.  Some load
balancers get your packet to the physical server by doing tricks with
the network stack.  


Good thought, could be. But this is easy to test. Just run tcpdump and
sniff for those source IP and ephemeral ports (guess a range in advance
is all is NATed to one IP). If you do see those leaving your network to
some web site, then your theory applies. But if you don't see any such
packets originating from your network, then these incoming packets are
responses to spoofed packets. "Hanson's Blaster Theorem" applies :)   

(Of course it could be just someone sending crafted packets your way to
keep you busy chasing a ghost.... make sure you don't have a security
assessment or penetration test scheduled on your premises when those
Internet flukes appear :)

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Localhost packets on WAN, spainsecurity-s.navarro
Next by Date:  Re: Localhost packets on WAN, Kirby Angell
Previous by Thread:  RE: Localhost packets on WAN, NESTING, DAVID M (SBCSI)
Next by Thread:  Re: Localhost packets on WAN, Kirby Angell
Indexes:  [Date] [Thread] [Top] [All Lists]