(PM) Nailing spoofers

Dick St.Peters (stpeters@NetHeaven.com)
Thu, 30 Jul 1998 18:05:22 -0400

Unless I've overlooked something, PMs seem to lack any aids for
determining which user is spoofing his source IP address.

Twice recently we've had users attempt DOS attacks on sites off our
network using spoofed source addresses. We filter (and log) to
prevent anything with a bogus source IP from leaving our network, so
users trying this don't accomplish anything, but I'd like to catch
them anyway. While it's easy to know what box they're on, finding
what port they're on is frustratingly difficult.

I caught one with a lucky guess and a radius filter, but the other is
still out there somewhere.

Ideas?

--
Dick St.Peters, stpeters@NetHeaven.com 
Gatekeeper, NetHeaven, Saratoga Springs, NY, 1-800-910-6671 (voice)
Saratoga/Albany/Amsterdam/BlueMountain/BoltonLanding/Cobleskill/
Greenwich/GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
	  Oldest Internet service based in the 518 area code