I have been getting more and more spoofed IPs hitting my firewall
recently, and I'd like to be able to figure out where they are coming
from. Is this possible?

It seems that when I do a snoop for that specific IP nothing comes
through, so that tells me that the spoofing isn't fooling snoop, so
surely there are other clues in the headers. Next time I find someone
portscanning me from a spoofed IP I'll have to shut down anything doing
network traffic and do tcpdump.

BTW, such IPs are like 10.10.12.225 and 172.31.0.125, I'm assuming both

BTW, what would happen if someone spoofed a 'localnet' IP, such as
192.168.0.x? I have my other computer connected over a PPP link, it's
kinda scary to think if someone could just spoof that IP and get through

http://wally.hplx.org Powered by RedHat 6.0