spoof attack from 127.0.0.1
- From: "Manfred" <md.fk@xxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Tue, 30 Sep 2003 08:42:42 -0600
Hi everyone,
on my front end isa server on a public dmz I get a lot of spoof events
from 127.0.0.1 in the last weeks.
Log file entrys like:
date/time 127.0.0.1 n.n.n.n Tcp 80 1609 Spoof x.x.x.x
date/time 127.0.0.1 n.n.n.n Tcp 80 1739 Spoof x.x.x.x
date/time 127.0.0.1 n.n.n.n Tcp 80 1447 Spoof x.x.x.x
date/time 127.0.0.1 n.n.n.n Tcp 80 1924 Spoof x.x.x.x
n.n.n.n = different ip addresses on public dmz
x.x.x.x = external isa address
I made virus scans, checked processes and network traffic but cannot find
the reason for it. The LAT and ip configuration should be ok for it
already worked for months without problems. Does anyone has an idea?
Thank you,
manfred
Other related posts:
