i've got a couple of mails saying this might happen only if 'Drop source
routed frames' option is
disabled, however i've checked both servers .config file, and it is
_enabled_.
Thanx,
-- Vedad Kajtaz
Vedad Kajtaz wrote:
>
> Hi,
>
> i'm running several tcp/ip servers on two 2.0.36 boxes, and found the
> following in this
> morning logs (on each server and makes me think its a hack attempt):
>
> - Accepting client from 1.0.0.0
>
> This means a connection has been successfully accept()'ed, from 1.0.0.0
> (server does an sprintf of
> inet_ntoa on accepted ip) which is as far as i know an invalid internet
> address.
> Servers are up and running correctly since few months and i dont beleive
> this is a bug.
>
> How is it possible for someone to *establish* a connection with a fake
> adress? i know packets can be
> sent pretending to be someone else, but i thought that all tcp sequence
> stuf would make this impossible
> (note i had more then ten such logs, thus more then ten successfull
> connects, on three different server
> process')
>
> Any comments would be highly appreciated,
>
> Thanx,
>
> -- Vedad Kajtaz
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/