Spoofed scans

From: Richard Arends (richardat_private)
Date: Sun Jan 06 2002 - 03:41:11 PST

Next message: James: "Re: Spoofed scans"

Previous message: Nick FitzGerald: "RE: Monkeybrains.net and badtrans compromise information"
Next in thread: James: "Re: Spoofed scans"
Reply: James: "Re: Spoofed scans"
Reply: Gideon Lenkey: "Re: Spoofed scans"
Reply: Crist J. Clark: "Re: Spoofed scans"
Reply: Paul M. Tiedemann: "RE: Spoofed scans"
Reply: Joshua Wright: "RE: Spoofed scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Last couple of weeks i'm getting more and more spoofed scans on my
firewall. All scans are icmp or port 53 (domain). Mostly 'they' first send
a few icmp packets and then a scan for port 53 trying to do a reverse
lookup for my ip.

Are there more seeing this type off scans and is there a way to substract
the real scanner (ip) from the list ip's ???

Greetings,

Richard.

----
An OS is like swiss cheese, the bigger it is, the more holes you get!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: James: "Re: Spoofed scans"
Previous message: Nick FitzGerald: "RE: Monkeybrains.net and badtrans compromise information"
Next in thread: James: "Re: Spoofed scans"
Reply: James: "Re: Spoofed scans"
Reply: Gideon Lenkey: "Re: Spoofed scans"
Reply: Crist J. Clark: "Re: Spoofed scans"
Reply: Paul M. Tiedemann: "RE: Spoofed scans"
Reply: Joshua Wright: "RE: Spoofed scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 16:44:42 PST