Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IP Spoofing, Back Orifice, Sub Seven, Netbus

Posted on 2000-05-04
3
Medium Priority
?
474 Views
Last Modified: 2010-04-11
I have a sonicwall pro firewall on my LAN which keeps sending me alerts to warn me of various attacks, it started about a month ago with the sub seven attacks then came the netbus and back orifice and now I am getting 70-80 alerts a day to say that an IP spoof has been detected but the IP address is that of my own workstation. Why is this happening and how do I stop it!??
0
Comment
Question by:1524
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 2778014
That's what spoofing is. It puts a local address in a packet, so that it can get into your network.
I do not think there is much you can do since this is all coming from the outside !!
The only other thing is to run a good virus detector with updated virus definitions to make sure your machine is clean !!

I hope this helps !
0
 
LVL 3

Accepted Solution

by:
apadua earned 1245 total points
ID: 2780404
The idea in IP spoofing is exactly that. Someone will start sending commands with a mal-formed packed, containing the IP address of the internal network as the source address. The concept is interesting, because usually boxes on the inside of the network have more rights than ones on the outside. And usually, the IP address is what is used to detect these rights. Simple firewalls and routers don't check which interface the packet came from. Hence, even if your packet came from the public interface, the IP is of a trusted machine, so arbitrary code could be executed. It's hard to use an attack such as this one, but great for spoofing, say, snmp.

However, you could be getting IP spoofing messages because your machine is configured incorrectly. You could have the wrong default mask, the wrong IP range, or wrong Default Gateway. Check these three things before you get any more worried. Also, check to see if these attacks go on even if your machine is turned off. (Or maybe ONLY when your machine is turned off).

Try to relate things. Best way to find these types of problems (assuming you aren't really being hacked).

Cheers,

Andre
0
 

Author Comment

by:1524
ID: 2780452
THANKS
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question