Spoofattack from 127.0.0.1

[Robert.]

Dear everyone,

I've got a problem with Microsoft ISA-server, can somebody
please help me!

From one day to another I found loads of the following
warning message in te Application Event viewer:

"ISA Server detected a spoof attack from Internet Protocol
(IP) address 127.0.0.1. A spoof attack occurs when an IP
address that is not reachable via the interface on which
the packet was received. If logging for dropped packets is
set, you can view details in the packet filter log."

Can somebody help me, I don't have the slightest idea what
to do with this warning and where is comes from.

Thank you in advance.
Robert.

 

[Guest]

127.0.0.1 is your computers own local number, it seems that you are sending messages to yourself.
Dont know why, but it is not someone from outside that tries too hack you.

 

[Vanguard]

Yes, it IS from someone outside trying to attack you. It's the old SYN
flood attack. Send a packet with a spoofed IP address for the sender.
The sender writes the packet so they can put whatever IP address they
want into it. In this case, they put in 127.0.0.1 thinking some users
will recognize that as being "localhost" but the packet did NOT
originate at localhost and is a probe or attack from outside.

See http://grc.com/dos/drdos.htm for more information. Basically the
scum is trying to flood your computer with SYN attacks to which you will
supposedly respond with SYN/ACK packets. They don't care that the
packets never get returned to them. In fact, maybe it doubles the
trouble by having you send them back to yourself.

Have your firewall block (ignore) this crap.

--
__________________________________________________
Post replies to newsgroup. E-mail not accepted.
__________________________________________________

127.0.0.1 is your computers own local number, it seems that you are sending messages to yourself.
Dont know why, but it is not someone from outside that tries too hack

you.