Spoofed scans

From: Richard Arends (richardat_private)
Date: Sun Jan 06 2002 - 03:41:11 PST

  • Next message: James: "Re: Spoofed scans"

    Hello,
    
    Last couple of weeks i'm getting more and more spoofed scans on my
    firewall. All scans are icmp or port 53 (domain). Mostly 'they' first send
    a few icmp packets and then a scan for port 53 trying to do a reverse
    lookup for my ip.
    
    Are there more seeing this type off scans and is there a way to substract
    the real scanner (ip) from the list ip's ???
    
    Greetings,
    
    Richard.
    
    ----
    An OS is like swiss cheese, the bigger it is, the more holes you get!
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 16:44:42 PST