Firewalls: Re: spoofed IPs

Firewalls
(January 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: spoofed IPs
From:	187AHGaaZadonick <zadonick @ ucsub . Colorado . EDU>
Date:	Tue, 27 Jan 1998 09:26:06 -0700 (MST)
To:	Pulzar <pulzar @ maribor . zrcalo . si>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<Pine . LNX . 3 . 95 . 980126202202 . 5850B-100000 @ maribor . zrcalo . si>

>From what I understand with TCP wrappers, how about putting an entry or
command in the /etc/hosts.deny file that would spawn off a script when
this IP range or "unknown" tries to connnect. THe script obvioulsy would
run a traceroute and log it.

-aaron zadonick

On Mon, 26 Jan 1998, Pulzar wrote:

> Has anyone an idea how to configure a router of a possible way to trace a
> spoofed atempt to telnet to my server. Server has installed a tcp-wrapper
> which to my luck the hackers couldn't fool it, all i got in the logs was
> connection from uknown. Does anyone know how i could backtrace such
> attemts or even block them so they won't even come through the router.
> Thx for any help,
> 	Aleksander
>

Follow-Ups:

Re: spoofed IPs
From: Josh Richards <jrichard @ livingston . com>

References:

spoofed IPs
From: Pulzar <pulzar @ maribor . zrcalo . si>

Indexed By Date	Previous:	Re: Proxy Server and FW-1 From: Peter da Silva <peter @ baileynm . com>
Indexed By Date	Next:	building a firewall From: Wes Kaufmann <wes @ osds . com>
Indexed By Thread	Previous:	Re: spoofed IPs From: Chris Brenton <cbrenton @ sover . net>
Indexed By Thread	Next:	Re: spoofed IPs From: Josh Richards <jrichard @ livingston . com>