[c-nsp] traffic sourced from 127.0.0.1
joshua sahala
jejs at sahala.org
Mon Aug 30 16:04:45 EDT 2004
On (30/08/04 15:34), Patrick Coppinger wrote:
>
> Anyone else notice an increase in traffic spoofed from 127.0.0.1 coming in
> Transit/Peering links since the 15th or so? Looks like worm scanning
> activity but I can't imagine how this would give the worm/trojan any
> feedback if responses never make it back to the source?
>
but it would make it to a source...the destination host will reply
to 127.0.0.1, it could cause a self-created dos of sorts
hopefully more members of this list are filtering bogon traffic at
their edge and customer links ;-) (well, obviously some aren't, but we
can hope for them to do so)
/joshua
--
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
- Douglas Adams -
More information about the cisco-nsp
mailing list