RE: Spoofed scans

From: Bojan Zdrnja (Bojan.Zdrnja@FER.hr)
Date: 01/07/02

Previous message: Philip Wagenaar: "RE: Spoofed scans"
In reply to: James: "Re: Spoofed scans"
Next in thread: Richard Arends: "Re: Spoofed scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Bojan Zdrnja" <Bojan.Zdrnja@FER.hr>
To: <incidents@securityfocus.com>
Date: Mon, 7 Jan 2002 14:06:23 +0100

Only if machine is on their subnet, of course. Otherwise he'll get hardware
address of his router.
Can you get us more information about those packets ?
I'm interested to see what kind of scanning they do.

Regards,

Bojan Zdrnja

> -----Original Message-----
> From: James [mailto:jamesh@cybermesa.com]
> Sent: 7. sijeèanj 2002 1:47
> To: incidents@securityfocus.com
> Subject: Re: Spoofed scans
>
>
> Capture the data link layer and get the hardware address.
> Perhaps this will
> indicate the true IP.
>
>
> "Ask the plants of the earth and they will teach you." Job 12:8
>
> ----- Original Message -----
> From: "Richard Arends" <richard@unixguru.nl>
> To: <incidents@securityfocus.com>
> Sent: Sunday, January 06, 2002 4:41 AM
> Subject: Spoofed scans
>
>
> > Hello,
> >
> > Last couple of weeks i'm getting more and more spoofed scans on my
> > firewall. All scans are icmp or port 53 (domain). Mostly
> 'they' first send
> > a few icmp packets and then a scan for port 53 trying to do
> a reverse
> > lookup for my ip.
> >
> > Are there more seeing this type off scans and is there a
> way to substract
> > the real scanner (ip) from the list ip's ???
> >
> > Greetings,
> >
> > Richard.
> >
> > ----
> > An OS is like swiss cheese, the bigger it is, the more
> holes you get!
> >
> >
> >
> --------------------------------------------------------------
> ------------
> --
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com
> >
> >
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: Philip Wagenaar: "RE: Spoofed scans"
In reply to: James: "Re: Spoofed scans"
Next in thread: Richard Arends: "Re: Spoofed scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Which programming jobs will not be sent overseas?
... platform-specific hardware configuration options and custom drivers ... tools all supporting multiple operating systems from a common code ... management, overlapped I/O, IOCP, etc. ... -- Hardware configuration and software support for ISA, EISA, PCI, PCI-X, ...
(comp.programming)
Re: SAS-Controler für NetWare
... Rahmen, einfach ein Raid aus einem Server rausnehmen, und in einen ... Dell) labeln einfach ... Apropos Management: Auch in dem Bereich ist HP absolut konkurrenzlos. ... Meine Erfahrungen mit Dell Server Hardware und dem Support dazu, ...
(de.comp.sys.novell)
[PATCH NET-NEXT 03/10] net: new user space API for time stamping of incoming and outgoing packet
... User space can request hardware and/or software time stamping. ... approximate send time stamp by receiving the looped ... +stamps can be generated and returned for arbitrary packets and much ...
(Linux-Kernel)
[PATCH NET-NEXT 03/10] net: new user space API for time stamping of incoming and outgoing packet
... User space can request hardware and/or software time stamping. ... approximate send time stamp by receiving the looped ... +stamps can be generated and returned for arbitrary packets and much ...
(Linux-Kernel)
[PATCH NET-NEXT 01/12] net: new user space API for time stamping of incoming and outgoing packet
... User space can request hardware and/or software time stamping. ... approximate send time stamp by receiving the looped ... +stamps can be generated and returned for arbitrary packets and much ...
(Linux-Kernel)