On Fri, 2003-02-14 at 11:35, Neil Dickey wrote: > > My questions are these: Does anyone know what sort of probe is being used? > Is this in fact a probe of our site, or just backsplash from a scan of another > site using our IPs as spoofed source addresses? Is it something else I > haven't thought of? In my experience most Dst URs are the result of DOS attacks by third parties who have use forged sources addresses (some being yours). The result is that someone blocks the traffic at a router somewhere and unless they think to disable URs they spray out all over the net. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand "It aint necessarily so" - Gershwin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 13 2003 - 19:09:50 PST