Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: 0.0.0.0 Probes

from [xyberpix] Network Security [Permanent Link]
Subject: RE: 0.0.0.0 Probes
Date: Tue, 26 Oct 2004 08:49:05 +0100 (BST) 
Some personal firewalls will hide the IP addy of the box trying to
connect, find out what firewalls they are running on their machines, if
any, and then take things from there. I know that Sygate can do this, and
I seem to think that BlackICE can as well, might wanna check though.

xyberpix



On Sat, 23 October, 2004 11:51 am, Keith Bucknall said:

Dear All,

I am trying to troubleshoot a problem we have, on a particular site they
use
a PPTP VPN connection to our office, at present we just use Windows XP DUN
for this - I will be changing this soon to a IPSEC tunnel but just need to
get this working.

When use A dials the VPN server they connect without a problem and the VPN
registers as established.  But then the next day when User B tries on our
VPN server it displays his source address as 0.0.0.0 and then refuses the
connection, User A tries and I get his original source IP.  This only
displays a source IP as 0.0.0.0 for User B...

Would this mean that his PC could be infected with a worm that is trying
to
hide the course IP.

Kind Regards

Keith




-----Original Message-----
From: Miles Stevenson [mailto:miles@mstevenson.org]
Sent: 22 October 2004 19:02
To: security-basics@securityfocus.com; gillettdavid@fhda.edu
Cc: 'John Smithson'
Subject: Re: 0.0.0.0 Probes

David,

<snip>

  These packets are not *to* 0.0.0.0; they just claim to be
*from* there.  Unless a router is specifically configured to
check the source address for validity, it won't care.  (The
RFC passage you quote prevents attempts to *reply* to such
packets from saturating the whole Internet.)

</snip>

Agreed. Thank you for the correction.


"..SHOULD NOT originate datagrams addressed to 0.0.0.0".


Use of the words "originate" and "to" in the same phrase to represent
traffic
flow seems, at first glance, to be in conflict with each other, and is
likely
the source of my misinterpretation.

Another example of the importance of semantics when then intention is to
communicate accurately.

--
Miles Stevenson
miles@mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63




-- 
For security and Opensource news check out:
http://xyberpix.demon.co.uk
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Assessment Methodology, robert
Next by Date:  Re: Secure SMTP setup/ISA 2004, xyberpix
Previous by Thread:  RE: 0.0.0.0 Probes, Keith Bucknall
Next by Thread:  RE: 0.0.0.0 Probes, Fook Ming EE
Indexes:  [Date] [Thread] [Top] [All Lists]