Spoofed scans

From: Richard Arends (richard@unixguru.nl)
Date: 01/06/02

Date: Sun, 6 Jan 2002 12:41:11 +0100 (CET)
From: Richard Arends <richard@unixguru.nl>
To: <incidents@securityfocus.com>


Last couple of weeks I'm getting more and more spoofed scans on my
firewall. All scans are ICMP or port 53 (domain). Mostly 'they' first send
a few ICMP packets and then a scan for port 53 trying to do a reverse
lookup for my IP.

Are there more people seeing this type of scan, and is there a way to subtract
the real scanner (IP) from the list of IPs?



An OS is like swiss cheese, the bigger it is, the more holes you get!

