Spoof attack - Wireless

This is a discussion on Spoof attack - Wireless ; I had occasion to check my router's security log and found the following 16.03.2007 18:21:21 192.*.*.* login success 16.03.2007 17:41:46 **ICMP Redirect** 74.120.157.254->> 83.104.57.185, Type:5, Code:1 (from ATM1 Inbound) 16.03.2007 16:15:21 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3, Code:3 (from ATM1 Inbound) ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Spoof attack

  1. Spoof attack

    I had occasion to check my router's security log and found the following

    16.03.2007 18:21:21 192.*.*.* login success
    16.03.2007 17:41:46 **ICMP Redirect** 74.120.157.254->> 83.104.57.185,
    Type:5, Code:1 (from ATM1 Inbound)

    16.03.2007 16:15:21 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3, Code:3
    (from ATM1 Inbound)
    16.03.2007 16:15:19 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3, Code:3
    (from ATM1 Inbound)
    16.03.2007 16:14:56 **IP Spoofing** 192.*.*.*->> 192.168.2.4, Type:3, Code:3
    (from ATM1 Inbound)
    16.03.2007 16:12:56 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    Type:5, Code:1 (from ATM1 Inbound)
    16.03.2007 16:12:37 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    Type:5, Code:1 (from ATM1 Inbound)
    16.03.2007 16:12:31 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    Type:5, Code:1 (from ATM1 Inbound)

    I've done an NSLOOKUP and got some sites for these IP addresses, (Spanish
    spam site) what can I do to stop these scumbags?

    TIA
    TWK



  2. Re: Spoof attack

    Hi
    Looking at a Cable/DSL Router's log is always scary, never the less, in
    reality there is nothing you can do about traffic knocking on the door
    beside block it (which is the Routerís NAT Firewall Job)
    If you want to check your system security against outside involuntary
    intruders, log to this site, scroll down few pages to
    http://www.grc.com/default.htm ShieldsUP!
    If you want, more security from the inside read this,
    http://www.ezlan.net/firewall.html
    Jack (MVP-Networking).

    "Toobi Won Kenobi" wrote in message
    news:etenid$5gs$1$8302bc10@news.demon.co.uk...
    >I had occasion to check my router's security log and found the following
    >
    > 16.03.2007 18:21:21 192.*.*.* login success
    > 16.03.2007 17:41:46 **ICMP Redirect** 74.120.157.254->> 83.104.57.185,
    > Type:5, Code:1 (from ATM1 Inbound)
    >
    > 16.03.2007 16:15:21 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3, Code:3
    > (from ATM1 Inbound)
    > 16.03.2007 16:15:19 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3, Code:3
    > (from ATM1 Inbound)
    > 16.03.2007 16:14:56 **IP Spoofing** 192.*.*.*->> 192.168.2.4, Type:3,
    > Code:3 (from ATM1 Inbound)
    > 16.03.2007 16:12:56 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    > Type:5, Code:1 (from ATM1 Inbound)
    > 16.03.2007 16:12:37 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    > Type:5, Code:1 (from ATM1 Inbound)
    > 16.03.2007 16:12:31 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    > Type:5, Code:1 (from ATM1 Inbound)
    >
    > I've done an NSLOOKUP and got some sites for these IP addresses, (Spanish
    > spam site) what can I do to stop these scumbags?
    >
    > TIA
    > TWK
    >
    >




  3. Re: Spoof attack

    Thanks Jack, will give them a try.

    Regards
    TWK
    "Jack (MVP-Networking)." wrote in message
    news:ObFJ7HAaHHA.4856@TK2MSFTNGP03.phx.gbl...
    > Hi
    > Looking at a Cable/DSL Router's log is always scary, never the less, in
    > reality there is nothing you can do about traffic knocking on the door
    > beside block it (which is the Router's NAT Firewall Job)
    > If you want to check your system security against outside involuntary
    > intruders, log to this site, scroll down few pages to
    > http://www.grc.com/default.htm ShieldsUP!
    > If you want, more security from the inside read this,
    > http://www.ezlan.net/firewall.html
    > Jack (MVP-Networking).
    >
    > "Toobi Won Kenobi" wrote in message
    > news:etenid$5gs$1$8302bc10@news.demon.co.uk...
    >>I had occasion to check my router's security log and found the following
    >>
    >> 16.03.2007 18:21:21 192.*.*.* login success
    >> 16.03.2007 17:41:46 **ICMP Redirect** 74.120.157.254->> 83.104.57.185,
    >> Type:5, Code:1 (from ATM1 Inbound)
    >>
    >> 16.03.2007 16:15:21 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3,
    >> Code:3 (from ATM1 Inbound)
    >> 16.03.2007 16:15:19 **IP Spoofing** 192.*.*.*->> 192.*.*.*, Type:3,
    >> Code:3 (from ATM1 Inbound)
    >> 16.03.2007 16:14:56 **IP Spoofing** 192.*.*.*->> 192.168.2.4, Type:3,
    >> Code:3 (from ATM1 Inbound)
    >> 16.03.2007 16:12:56 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    >> Type:5, Code:1 (from ATM1 Inbound)
    >> 16.03.2007 16:12:37 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    >> Type:5, Code:1 (from ATM1 Inbound)
    >> 16.03.2007 16:12:31 **ICMP Redirect** 80.37.149.206->> 83.104.57.185,
    >> Type:5, Code:1 (from ATM1 Inbound)
    >>
    >> I've done an NSLOOKUP and got some sites for these IP addresses, (Spanish
    >> spam site) what can I do to stop these scumbags?
    >>
    >> TIA
    >> TWK
    >>
    >>

    >
    >




+ Reply to Thread