Solved

IP Spoofing, Back Orifice, Sub Seven, Netbus

Posted on 2000-05-04
Last Modified: 2010-04-11
I have a SonicWall Pro firewall on my LAN which keeps sending me alerts to warn me of various attacks. It started about a month ago with the Sub Seven attacks, then came the NetBus and Back Orifice, and now I am getting 70-80 alerts a day to say that an IP spoof has been detected, but the IP address is that of my own workstation. Why is this happening and how do I stop it?!
Question by:1524
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 2778014
That's what spoofing is. It puts a local address in a packet, so that it can get into your network.
I do not think there is much you can do since this is all coming from the outside!
The only other thing is to run a good virus detector with updated virus definitions to make sure your machine is clean!

I hope this helps!
LVL 3

Accepted Solution

by:
apadua earned 415 total points
ID: 2780404
The idea in IP spoofing is exactly that. Someone will start sending commands with a malformed packet, containing the IP address of the internal network as the source address. The concept is interesting, because usually boxes on the inside of the network have more rights than ones on the outside. And usually, the IP address is what is used to detect these rights. Simple firewalls and routers don't check which interface the packet came from. Hence, even if your packet came from the public interface, the IP is of a trusted machine, so arbitrary code could be executed. It's hard to use an attack such as this one, but great for spoofing, say, SNMP.

However, you could be getting IP spoofing messages because your machine is configured incorrectly. You could have the wrong default mask, the wrong IP range, or wrong Default Gateway. Check these three things before you get any more worried. Also, check to see if these attacks go on even if your machine is turned off. (Or maybe ONLY when your machine is turned off).

Try to relate things. Best way to find these types of problems (assuming you aren't really being hacked).

Cheers,

Andre
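
The two explanations in the answer above (a packet with an internal source address arriving on the public interface, and a workstation with a wrong mask, IP range or default gateway) can be told apart with a per-interface source check. This is an added example, not part of the original post and not SonicWall's logic; the subnet, gateway, interface names and sample packets are constructed assumptions.

```python
import ipaddress

# Assumed (hypothetical) layout: one LAN subnet behind the "LAN" port,
# everything else arrives on the "WAN" port.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_GATEWAY = ipaddress.ip_address("192.168.1.1")

def is_spoofed(in_iface, src_ip):
    """Ingress check: flag a source address that cannot legitimately
    arrive on the interface the packet was received on."""
    src = ipaddress.ip_address(src_ip)
    if in_iface == "WAN":
        return src in LAN_NET        # internal address arriving from outside
    if in_iface == "LAN":
        return src not in LAN_NET    # LAN host sending from an out-of-range address
    raise ValueError(f"unknown interface {in_iface!r}")

def config_problems(host_ip, host_mask, host_gateway):
    """The three workstation settings the answer says to check."""
    problems = []
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    if iface.network.netmask != LAN_NET.netmask:
        problems.append("wrong subnet mask")
    if iface.ip not in LAN_NET:
        problems.append("IP outside LAN range")
    if ipaddress.ip_address(host_gateway) != LAN_GATEWAY:
        problems.append("wrong default gateway")
    return problems

# Constructed sample packets: (receiving interface, source IP)
SAMPLE = [
    ("WAN", "203.0.113.7"),    # ordinary outside host
    ("WAN", "192.168.1.50"),   # claims to be the workstation, came from outside
    ("LAN", "192.168.1.50"),   # the real workstation
    ("LAN", "10.0.0.50"),      # misconfigured host on the LAN port
]

def spoof_alerts(packets):
    """Return the packets that would raise a spoof alert."""
    return [(iface, src) for iface, src in packets if is_spoofed(iface, src)]

if __name__ == "__main__":
    for alert in spoof_alerts(SAMPLE):
        print("spoof alert:", alert)
    print(config_problems("192.168.1.50", "255.255.0.0", "192.168.1.254"))
```

An alert whose receiving interface is the LAN port points at the workstation's own configuration; one received on the WAN port points at traffic from outside.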

Author Comment

by:1524
ID: 2780452
THANKS