RE: Spoofed scans

From: Philip Wagenaar (PB.Wagenaarat_private)
Date: Sun Jan 06 2002 - 17:04:57 PST


    Do you mean get the MAC address? If so, MAC addresses aren't unique
    anymore, and how could you look up what MAC address belongs to what IP?
    
    Philip Wagenaar
    
    > -----Original Message-----
    > From: James [mailto:jameshat_private] 
    > Sent: Monday, 7 January 2002 1:47
    > To: incidentsat_private
    > Subject: Re: Spoofed scans
    > 
    > 
    > Capture the data link layer and get the hardware address. 
    > Perhaps this will indicate the true IP.
    > 
    > 
    > "Ask the plants of the earth and they will teach you." Job 12:8
    > 
    > ----- Original Message -----
    > From: "Richard Arends" <richardat_private>
    > To: <incidentsat_private>
    > Sent: Sunday, January 06, 2002 4:41 AM
    > Subject: Spoofed scans
    > 
    > 
    > > Hello,
    > >
    > > The last couple of weeks I'm getting more and more spoofed scans on my
    > > firewall. All scans are ICMP or port 53 (domain). Mostly 'they' first
    > > send a few ICMP packets and then a scan for port 53 trying to do a
    > > reverse lookup for my IP.
    > >
    > > Are there more people seeing this type of scan, and is there a way to
    > > subtract the real scanner (IP) from the list of IPs?
    > >
    > > Greetings,
    > >
    > > Richard.
    > >
    > > ----
    > > An OS is like Swiss cheese, the bigger it is, the more holes you get!
    > >
    > >
    > > ----------------------------------------------------------------------------
    > > This list is provided by the SecurityFocus ARIS analyzer service. For
    > > more information on this free incident handling, management and
    > > tracking system please see: http://aris.securityfocus.com
    > >
    > >
    > 
    > 
    > 
    > 
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 08:21:20 PST
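
Added example, not part of the original thread: what capturing the link-layer source address yields for scans that arrive through a router. The Ethernet source address of a routed frame is that of the last router interface, so every spoofed IP source groups under the same hardware address. The frames, MAC addresses, IP addresses and function names below are all constructed for illustration.

```python
import struct
from collections import defaultdict

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto):
    """Build a minimal Ethernet II + IPv4 header (constructed test data)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip

def parse_frame(frame):
    """Return (src_mac, src_ip) for an IPv4 frame, or None for anything else."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        return None
    src_ip = ".".join(str(b) for b in frame[26:30])
    return ":".join(f"{b:02x}" for b in src), src_ip

def sources_by_mac(frames):
    """Map each link-layer source address to the IP sources seen behind it."""
    groups = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            groups[parsed[0]].add(parsed[1])
    return {mac: sorted(ips) for mac, ips in groups.items()}

# Constructed capture on the firewall's outside interface. Addresses are
# documentation / locally administered values, not taken from the thread.
FIREWALL_MAC = "02:00:00:00:00:fe"
GATEWAY_MAC = "02:00:00:00:00:01"   # assumed upstream router interface
FIREWALL_IP = "203.0.113.10"
SAMPLE_FRAMES = [
    build_frame(FIREWALL_MAC, GATEWAY_MAC, "192.0.2.10", FIREWALL_IP, 1),    # ICMP
    build_frame(FIREWALL_MAC, GATEWAY_MAC, "192.0.2.200", FIREWALL_IP, 1),   # ICMP
    build_frame(FIREWALL_MAC, GATEWAY_MAC, "198.51.100.7", FIREWALL_IP, 17), # UDP
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28,   # ARP frame: skipped
    b"\x00" * 10,                                 # truncated frame: skipped
]

if __name__ == "__main__":
    for mac, ips in sources_by_mac(SAMPLE_FRAMES).items():
        print(mac, "->", ips)
```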