RE: Spoofed scans

From: Bojan Zdrnja (Bojan.Zdrnja@FER.hr)
Date: 01/07/02


From: "Bojan Zdrnja" <Bojan.Zdrnja@FER.hr>
To: <incidents@securityfocus.com>
Date: Mon, 7 Jan 2002 14:06:23 +0100

Only if machine is on their subnet, of course. Otherwise he'll get hardware
address of his router.
Can you get us more information about those packets ?
I'm interested to see what kind of scanning they do.

Regards,

Bojan Zdrnja

> -----Original Message-----
> From: James [mailto:jamesh@cybermesa.com]
> Sent: 7. siječanj 2002 1:47
> To: incidents@securityfocus.com
> Subject: Re: Spoofed scans
>
>
> Capture the data link layer and get the hardware address.
> Perhaps this will
> indicate the true IP.
>
>
> "Ask the plants of the earth and they will teach you." Job 12:8
>
> ----- Original Message -----
> From: "Richard Arends" <richard@unixguru.nl>
> To: <incidents@securityfocus.com>
> Sent: Sunday, January 06, 2002 4:41 AM
> Subject: Spoofed scans
>
>
> > Hello,
> >
> > Last couple of weeks i'm getting more and more spoofed scans on my
> > firewall. All scans are icmp or port 53 (domain). Mostly
> 'they' first send
> > a few icmp packets and then a scan for port 53 trying to do
> a reverse
> > lookup for my ip.
> >
> > Are there more seeing this type off scans and is there a
> way to substract
> > the real scanner (ip) from the list ip's ???
> >
> > Greetings,
> >
> > Richard.
> >
> > ----
> > An OS is like swiss cheese, the bigger it is, the more
> holes you get!
> >
> >
> >
> --------------------------------------------------------------
> ------------
> --
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com
> >
> >
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: Which programming jobs will not be sent overseas?
    ... platform-specific hardware configuration options and custom drivers ... tools all supporting multiple operating systems from a common code ... management, overlapped I/O, IOCP, etc. ... -- Hardware configuration and software support for ISA, EISA, PCI, PCI-X, ...
    (comp.programming)
  • Re: Hornby Elite DCC - some comments
    ... No, you don't need to know exactly what "packets" are, but as in all ... understand what "NMRA compliant" means, ... A DCC decoder is a small computer. ... to make any hardware they wanted to make. ...
    (uk.rec.models.rail)
  • Re: vb6 -v- Net!
    ... file is an exact memory image of the program. ... Hardware mapped into memory somewhere or hardware used interrupts or ... management that it had when running in the interpreter. ... windows and the apps look comparably the same. ...
    (microsoft.public.vb.general.discussion)
  • Re: Wireless-N with SNMP and SSH/Telnet
    ... tag for the hardware version. ... lousy luck doing the same thing on v5 and v6 routers a few years ago. ... I use SNMP quite a bit for monitoring: ... That's because they usually don't have any management beyond the usual ...
    (alt.internet.wireless)
  • Re: [Xen-devel] Re: [RFC] [PATCH] sysfs support for Xen attributes
    ... * Xen virtual hardware info (more or less corresponds to what's in /proc now, ... * Domain management ... Mark: To answer a question with a question: What use is a skateboard? ... My wheel has a wheel! ...
    (Linux-Kernel)