24 hour strobes from 10.0.x.x

From: Konrad Michels (konrad@overnetdata.com)
Date: 08/22/01 

Message-ID: <3B839D20.7080000@overnetdata.com>
Date: Wed, 22 Aug 2001 12:53:04 +0100
From: Konrad Michels <konrad@overnetdata.com>
To: incidents@securityfocus.com
Subject: 24 hour strobes from 10.0.x.x

For the last 24 hours I've had our firewall hammered repeatedly from
10.0.1.1 - 10.0.1.9, all 9 addresses simultaneously going at all ports
over 1024, over and over again!

Obviously spooofed packet headers - and just as I got annoyed enough to
want to start digging a bit deeper, the silly buggers stop! Now isn't
that annoying! Anyway, what was interesting about this was also that,
if I changed the IP address of the firewall's external interface say one
up or one down, the ruddy things followed it! Obviously then whatever
it was, was continuously strobing a whole block of IP addresses!

Anyone else seen anything like this lately?

Later
Konrad

*************************************************************
* Linux isn't unfriendly -
* its just really picky about who its friends are!
*************************************************************

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com