Hello, Last couple of weeks i'm getting more and more spoofed scans on my firewall. All scans are icmp or port 53 (domain). Mostly 'they' first send a few icmp packets and then a scan for port 53 trying to do a reverse lookup for my ip. Are there more seeing this type off scans and is there a way to substract the real scanner (ip) from the list ip's ??? Greetings, Richard. ---- An OS is like swiss cheese, the bigger it is, the more holes you get! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 16:44:42 PST