ethernet attack ! Help Plz

MysticHalo · May 7, 2006

Hello ppl,
I am in some trouble here...lately, i am getting "Ethernet attacks's from a particular IP address but with different MAC. The IP address is 255.255.255.255 (now thats weird) But thats what my firewall tells me ( Outpost Firewall Pro 3.51) The firewall is updated with latest definitions...so i think that i shouldnt be any trouble, but whenever this attack happens(5 times in past 15 minutes)my internet connection stops working(looks like the firewall blocks it, ), so i have to disconnect and reconnect

The warning also tells that "Host tampers with its Ip addresses" Now what does this mean

here's the attack LOG-:

Code:

10:04:51 PM    Host tampers its IP addresses.    IP spoofing detected. Host 0B-00-20-00-0B-00 (255.255.255.255) tampers its IP addresses.
9:57:56 PM    Host tampers its IP addresses.    IP spoofing detected. Host 0A-00-20-00-0A-00 (255.255.255.255) tampers its IP addresses.
9:56:57 PM    Host tampers its IP addresses.    IP spoofing detected. Host 09-00-20-00-09-00 (255.255.255.255) tampers its IP addresses.
9:56:32 PM    Host tampers its IP addresses.    IP spoofing detected. Host 08-00-20-00-08-00 (255.255.255.255) tampers its IP addresses.
9:54:09 PM    Host tampers its IP addresses.    IP spoofing detected. Host 07-00-20-00-07-00 (255.255.255.255) tampers its IP addresses.
9:50:13 PM    Host tampers its IP addresses.    IP spoofing detected. Host 06-00-20-00-06-00 (255.255.255.255) tampers its IP addresses.
9:48:58 PM    Host tampers its IP addresses.    IP spoofing detected. Host 05-00-20-00-05-00 (255.255.255.255) tampers its IP addresses.
9:46:30 PM    Host tampers its IP addresses.    IP spoofing detected. Host 3A-F4-20-00-04-00 (255.255.255.255) tampers its IP addresses.
9:44:48 PM    Host tampers its IP addresses.    IP spoofing detected. Host 03-00-20-00-03-00 (255.255.255.255) tampers its IP addresses.
9:41:03 PM    Host tampers its IP addresses.    IP spoofing detected. Host 02-00-20-00-02-00 (255.255.255.255) tampers its IP addresses.

Plz help me guys

MysticHalo · May 8, 2006

No one?

Thankfully, the attacks have stopped now....but still, what WAS IT?

iwillsavetheworld · May 9, 2006

IP spoofing is to change the mac address of lan card with some other address here it is your address the attacker is using. That's why it is showing that it as it tampers the ip address that is to change the mac address.

phatratt · May 9, 2006

255.255.255.255,is'nt this a subnet??Is it possible that some backdoor program has been installed causing this attack??please clarify

it_waaznt_me · May 10, 2006

255.255.255.255 is a broadcast address.Which means that if a packet's destination address is set to broadcast address, all hosts will recieve it .. It cannot be a source address.
Now here whats happening is that your firewall sees that the packet's source address is a broadcast address which cannot be .. So its telling you that someone is spoofing ip address.
You cannot change the mac address of a lan card. Its burned on the rom and contains a unique number.

To the author, Dont worry, maybe some worm was testing your defences. Your firewall will take care of it.

ethernet attack ! Help Plz

MysticHalo

Your Maker.

MysticHalo

Your Maker.

iwillsavetheworld

Right off the assembly line

phatratt

In the zone

it_waaznt_me

Coming back to life ..