-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: Fernando Cardoso [mailto:fernando.cardosoat_private] > Sent: Monday, September 17, 2001 3:32 AM > > I don't think you should be looking for a ping scan tool. > From the data you > sent, it seems that the box x.x.x.x tried to connect to > 202.46.194.5 on port > TCP 32165 and, [...] Fernando (and others), these packets can not be response packets to anything originating from my network since there IS NO HOST ON X.X.X.X. A discussion last night with Chris Morrow seems to be closer on track. I've been receiving these packets from about 40 different hosts, with the destination host varying (for the most part, again, unassigned IP's). These packets appear to be responses from a syn-flooded system with spoofed addresses (mine...*sigh*). This would explain the randomness of source/dest IP and time. I've seen these 'unreachables' (from/to non-existent hosts) before, but attributed them to a scan, rather than an attack. Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME (X.509) encrypted email preferred. iQA/AwUBO6YACZytSsEygtEFEQI/0wCfangngYBeMUtCBHLLOC8VzIxnEV8AoKbp 7IykEqUVlKO63UkWci8ROvw9 =OC6e -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 08:18:36 PDT