Spoofed scans
From: Richard Arends (richard@unixguru.nl)Date: 01/06/02
- Previous message: Nick FitzGerald: "RE: Monkeybrains.net and badtrans compromise information"
- Next in thread: James: "Re: Spoofed scans"
- Reply: James: "Re: Spoofed scans"
- Reply: Richard Arends: "Re: Spoofed scans"
- Reply: Gideon Lenkey: "Re: Spoofed scans"
- Reply: Crist J. Clark: "Re: Spoofed scans"
- Reply: Paul M. Tiedemann: "RE: Spoofed scans"
- Reply: Joshua Wright: "RE: Spoofed scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 6 Jan 2002 12:41:11 +0100 (CET) From: Richard Arends <richard@unixguru.nl> To: <incidents@securityfocus.com>
Hello,
Last couple of weeks i'm getting more and more spoofed scans on my
firewall. All scans are icmp or port 53 (domain). Mostly 'they' first send
a few icmp packets and then a scan for port 53 trying to do a reverse
lookup for my ip.
Are there more seeing this type off scans and is there a way to substract
the real scanner (ip) from the list ip's ???
Greetings,
Richard.
---- An OS is like swiss cheese, the bigger it is, the more holes you get!---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Nick FitzGerald: "RE: Monkeybrains.net and badtrans compromise information"
- Next in thread: James: "Re: Spoofed scans"
- Reply: James: "Re: Spoofed scans"
- Reply: Richard Arends: "Re: Spoofed scans"
- Reply: Gideon Lenkey: "Re: Spoofed scans"
- Reply: Crist J. Clark: "Re: Spoofed scans"
- Reply: Paul M. Tiedemann: "RE: Spoofed scans"
- Reply: Joshua Wright: "RE: Spoofed scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
