Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: 0.0.0.0 Probes

from [Fook Ming EE] Network Security [Permanent Link]
Subject: RE: 0.0.0.0 Probes
Date: Tue, 26 Oct 2004 13:24:21 +0800 
You may want to check the DHCP config of the server is proper and also check
client IP config to make sure that client side IP is not statically
configured. PPP would take precedence to dynamically allocate source IP to
clients that connect to VPN servers, as this is the usual setup.

-----Original Message-----
From: Keith Bucknall [mailto:keith.bucknall@zen.co.uk] 
Sent: Saturday, October 23, 2004 6:52 PM
To: miles@mstevenson.org; security-basics@securityfocus.com;
gillettdavid@fhda.edu
Cc: 'John Smithson'
Subject: RE: 0.0.0.0 Probes

Dear All,

I am trying to troubleshoot a problem we have, on a particular site they use
a PPTP VPN connection to our office, at present we just use Windows XP DUN
for this - I will be changing this soon to a IPSEC tunnel but just need to
get this working.

When use A dials the VPN server they connect without a problem and the VPN
registers as established.  But then the next day when User B tries on our
VPN server it displays his source address as 0.0.0.0 and then refuses the
connection, User A tries and I get his original source IP.  This only
displays a source IP as 0.0.0.0 for User B...

Would this mean that his PC could be infected with a worm that is trying to
hide the course IP.

Kind Regards

Keith

 


-----Original Message-----
From: Miles Stevenson [mailto:miles@mstevenson.org] 
Sent: 22 October 2004 19:02
To: security-basics@securityfocus.com; gillettdavid@fhda.edu
Cc: 'John Smithson'
Subject: Re: 0.0.0.0 Probes

David,

<snip>

  These packets are not *to* 0.0.0.0; they just claim to be
*from* there.  Unless a router is specifically configured to
check the source address for validity, it won't care.  (The
RFC passage you quote prevents attempts to *reply* to such
packets from saturating the whole Internet.)

</snip>

Agreed. Thank you for the correction. 


"..SHOULD NOT originate datagrams addressed to 0.0.0.0".


Use of the words "originate" and "to" in the same phrase to represent
traffic 
flow seems, at first glance, to be in conflict with each other, and is
likely 
the source of my misinterpretation.

Another example of the importance of semantics when then intention is to 
communicate accurately. 

-- 
Miles Stevenson
miles@mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Secure SMTP setup/ISA 2004, Stephane Auger
Next by Date:  Re: Is this normal?, H Carvey
Previous by Thread:  RE: 0.0.0.0 Probes, xyberpix
Next by Thread:  RE: 0.0.0.0 Probes, David Gillett
Indexes:  [Date] [Thread] [Top] [All Lists]