ethernet attack ! Help Plz

Discussion in 'QnA (read only)' started by MysticHalo, May 7, 2006.

Thread Status:
Not open for further replies.
  1. MysticHalo

    MysticHalo Your Maker.

    Joined:
    Jan 3, 2006
    Messages:
    397
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    mumba][
    Hello ppl,
    I am in some trouble here...lately, i am getting "Ethernet attacks's from a particular IP address but with different MAC. The IP address is 255.255.255.255 (now thats weird) But thats what my firewall tells me ( Outpost Firewall Pro 3.51) The firewall is updated with latest definitions...so i think that i shouldnt be any trouble, but whenever this attack happens(5 times in past 15 minutes)my internet connection stops working(looks like the firewall blocks it, ), so i have to disconnect and reconnect :(
    The warning also tells that "Host tampers with its Ip addresses" Now what does this mean:rolleyes:
    here's the attack LOG-:
    Code:
    10:04:51 PM    Host tampers its IP addresses.    IP spoofing detected. Host 0B-00-20-00-0B-00 (255.255.255.255) tampers its IP addresses.
    9:57:56 PM    Host tampers its IP addresses.    IP spoofing detected. Host 0A-00-20-00-0A-00 (255.255.255.255) tampers its IP addresses.
    9:56:57 PM    Host tampers its IP addresses.    IP spoofing detected. Host 09-00-20-00-09-00 (255.255.255.255) tampers its IP addresses.
    9:56:32 PM    Host tampers its IP addresses.    IP spoofing detected. Host 08-00-20-00-08-00 (255.255.255.255) tampers its IP addresses.
    9:54:09 PM    Host tampers its IP addresses.    IP spoofing detected. Host 07-00-20-00-07-00 (255.255.255.255) tampers its IP addresses.
    9:50:13 PM    Host tampers its IP addresses.    IP spoofing detected. Host 06-00-20-00-06-00 (255.255.255.255) tampers its IP addresses.
    9:48:58 PM    Host tampers its IP addresses.    IP spoofing detected. Host 05-00-20-00-05-00 (255.255.255.255) tampers its IP addresses.
    9:46:30 PM    Host tampers its IP addresses.    IP spoofing detected. Host 3A-F4-20-00-04-00 (255.255.255.255) tampers its IP addresses.
    9:44:48 PM    Host tampers its IP addresses.    IP spoofing detected. Host 03-00-20-00-03-00 (255.255.255.255) tampers its IP addresses.
    9:41:03 PM    Host tampers its IP addresses.    IP spoofing detected. Host 02-00-20-00-02-00 (255.255.255.255) tampers its IP addresses.
    Plz help me guys
     
  2. OP
    OP
    MysticHalo

    MysticHalo Your Maker.

    Joined:
    Jan 3, 2006
    Messages:
    397
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    mumba][
    No one?:mad:
    Thankfully, the attacks have stopped now....but still, what WAS IT?:confused:
     
  3. iwillsavetheworld

    iwillsavetheworld New Member

    Joined:
    May 9, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    IP spoofing is to change the mac address of lan card with some other address here it is your address the attacker is using. That's why it is showing that it as it tampers the ip address that is to change the mac address.
     
  4. phatratt

    phatratt New Member

    Joined:
    Jan 5, 2006
    Messages:
    263
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mysore
    255.255.255.255,is'nt this a subnet??Is it possible that some backdoor program has been installed causing this attack??please clarify
     
  5. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    255.255.255.255 is a broadcast address.Which means that if a packet's destination address is set to broadcast address, all hosts will recieve it .. It cannot be a source address.
    Now here whats happening is that your firewall sees that the packet's source address is a broadcast address which cannot be .. So its telling you that someone is spoofing ip address.
    You cannot change the mac address of a lan card. Its burned on the rom and contains a unique number.

    To the author, Dont worry, maybe some worm was testing your defences. Your firewall will take care of it.
     
Thread Status:
Not open for further replies.

Share This Page