RE: Spoofed scans

From: Philip Wagenaar (PB.Wagenaarat_private)
Date: Sun Jan 06 2002 - 17:04:57 PST

Next message: Bojan Zdrnja: "RE: Spoofed scans"

Previous message: James: "Re: Spoofed scans"
In reply to: James: "Re: Spoofed scans"
Next in thread: James: "Re: Spoofed scans"
Next in thread: Bojan Zdrnja: "RE: Spoofed scans"
Reply: James: "Re: Spoofed scans"
Reply: Will Aoki: "Re: Spoofed scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Do you mean get the MAC address? If so MAC addresses aren't unique
anymore, and how could you lookup what MAC address belongs to what IP?

Philip Wagenaar

> -----Original Message-----
> From: James [mailto:jameshat_private] 
> Sent: maandag 7 januari 2002 1:47
> To: incidentsat_private
> Subject: Re: Spoofed scans
> 
> 
> Capture the data link layer and get the hardware address. 
> Perhaps this will indicate the true IP.
> 
> 
> "Ask the plants of the earth and they will teach you." Job 12:8
> 
> ----- Original Message -----
> From: "Richard Arends" <richardat_private>
> To: <incidentsat_private>
> Sent: Sunday, January 06, 2002 4:41 AM
> Subject: Spoofed scans
> 
> 
> > Hello,
> >
> > Last couple of weeks i'm getting more and more spoofed scans on my 
> > firewall. All scans are icmp or port 53 (domain). Mostly 
> 'they' first 
> > send a few icmp packets and then a scan for port 53 trying to do a 
> > reverse lookup for my ip.
> >
> > Are there more seeing this type off scans and is there a way to 
> > substract the real scanner (ip) from the list ip's ???
> >
> > Greetings,
> >
> > Richard.
> >
> > ----
> > An OS is like swiss cheese, the bigger it is, the more 
> holes you get!
> >
> >
> > 
> ----------------------------------------------------------------------
> > ----
> --
> > This list is provided by the SecurityFocus ARIS analyzer 
> service. For 
> > more information on this free incident handling, management and 
> > tracking system please see: http://aris.securityfocus.com
> >
> >
> 
> 
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer 
> service. For more information on this free incident handling, 
> management 
> and tracking system please see: http://aris.securityfocus.com
> 
> 




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Bojan Zdrnja: "RE: Spoofed scans"
Previous message: James: "Re: Spoofed scans"
In reply to: James: "Re: Spoofed scans"
Next in thread: James: "Re: Spoofed scans"
Next in thread: Bojan Zdrnja: "RE: Spoofed scans"
Reply: James: "Re: Spoofed scans"
Reply: Will Aoki: "Re: Spoofed scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 08:21:20 PST