I have seen them scan for misconfigured TP servers all the time .. and I block that on all of my firewalls, I think we all know when they add a new subnet, we get scanned and add it to our list of Wanadoo .. but what I'm saying is that this is the first time I see them originate high port and scan the destination port 53 .. that is what is new. Gary B At 10:42 AM 8/16/2002 -0500, WebMasterat_private wrote: >I think the better question is, "has anyone ever seen the scans STOP". > >wanadoo.fr is notorious for allowing this kind of garbage... > >Thanks, >Michael Sorbera >Webmaster >Randolph-Brooks Federal Credit Union > >"Never approach a problem with preconceived notions...having a theory is >something different, but having a preconceived notion means that you're not >necessarily going to look for data...you're going to look for data that >supports your assumption." > > > > > Gary > Baribault > <gary@baribaul To: > incidentsat_private > t.net> cc: > > Subject: BIND scan from > Wanadoo.fr > 08/15/2002 > > 07:23 > PM > > > > > > > > >I am used to seeing those idiots scanning for FTP and I have them all >blocked in and out with out logged .. Recently I say a big jump in OUTPUT >REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I >also recently noticed them scanning for HTTP. Anyone seen this as well? > >Gary Baribault >garyat_private > > >---------------------------------------------------------------------------- > >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 09:40:04 PDT