
| Subject: | RE: 0.0.0.0 Probes |
|---|---|
| Date: | Sat, 23 Oct 2004 11:51:48 +0100 |
Dear All,

I am trying to troubleshoot a problem we have. On a particular site they use a PPTP VPN connection to our office; at present we just use Windows XP DUN for this - I will be changing this soon to an IPSEC tunnel but just need to get this working.

When User A dials the VPN server they connect without a problem and the VPN registers as established. But then the next day when User B tries, on our VPN server it displays his source address as 0.0.0.0 and then refuses the connection. User A tries and I get his original source IP. This only displays a source IP as 0.0.0.0 for User B...

Would this mean that his PC could be infected with a worm that is trying to hide the source IP?

Kind Regards
Keith

-----Original Message-----
From: Miles Stevenson [mailto:miles@mstevenson.org]
Sent: 22 October 2004 19:02
To: security-basics@securityfocus.com; gillettdavid@fhda.edu
Cc: 'John Smithson'
Subject: Re: 0.0.0.0 Probes

David,

<snip>
These packets are not *to* 0.0.0.0; they just claim to be *from* there. Unless a router is specifically configured to check the source address for validity, it won't care. (The RFC passage you quote prevents attempts to *reply* to such packets from saturating the whole Internet.)
</snip> Agreed. Thank you for the correction.
"..SHOULD NOT originate datagrams addressed to 0.0.0.0".
Use of the words "originate" and "to" in the same phrase to represent traffic flow seems, at first glance, to be in conflict with each other, and is likely the source of my misinterpretation. Another example of the importance of semantics when the intention is to communicate accurately.

--
Miles Stevenson
miles@mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
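
As an added example, not part of the thread: the source-address validity check that the quoted reply says a router does not perform unless configured to, applied here to constructed firewall-style log lines. The `SRC=`/`DST=` field layout, the function names and the sample addresses are assumptions; the invalid ranges follow RFC 1122 section 3.2.1.3.

```python
import ipaddress
import re

# Source ranges that should never arrive from another host (RFC 1122, section 3.2.1.3).
INVALID_SOURCES = {
    "this-network": ipaddress.ip_network("0.0.0.0/8"),
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
    "multicast": ipaddress.ip_network("224.0.0.0/4"),
    "reserved": ipaddress.ip_network("240.0.0.0/4"),  # includes 255.255.255.255
}
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
FIELDS = re.compile(r"\bSRC=(\S+)\s+DST=(\S+)")  # assumed log layout

def classify_source(src, dst):
    """Return None if the source is plausible, else the reason it is invalid."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 0.0.0.0 is legitimate only while a host is still learning its own address
    # (e.g. a DHCP client), in which case it sends to the limited broadcast.
    if src_ip == UNSPECIFIED and dst_ip == LIMITED_BROADCAST:
        return None
    for reason, net in INVALID_SOURCES.items():
        if src_ip in net:
            return reason
    return None

def audit(lines):
    """Return (src, dst, reason) for each log line carrying an invalid source."""
    findings = []
    for line in lines:
        m = FIELDS.search(line)
        if not m:
            continue
        reason = classify_source(*m.groups())
        if reason:
            findings.append((m.group(1), m.group(2), reason))
    return findings

# Constructed sample lines using documentation addresses, not data from the thread.
SAMPLE_LOG = [
    "IN=eth0 SRC=0.0.0.0 DST=192.0.2.10 PROTO=TCP DPT=1723",
    "IN=eth0 SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP DPT=67",
    "IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1723",
    "IN=eth0 SRC=127.0.0.1 DST=192.0.2.10 PROTO=TCP DPT=80",
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_LOG):
        print(f"invalid source {src} -> {dst}: {reason}")
```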