('binary' encoding is not supported, stored as-is) The machines listed below have been running UDP scans against our firewall for some time. The scans really picked up on March 18th, but never got more than 20 a day or so. These scans are apparently on random UDP ports, and from randomly selected machines in the list below. If anyone is interested, I have all of the events this year in a spreadsheet. They are nearly unnoticeable when displayed by date and time, but become apparent when sorted by source IP. Has anyone else experienced scans like this from these boxes? I spoke to AOL, and they confirmed my beliefs and said that indeed people were bouncing off their servers looking for trojaned UDP ports. 1) They are aware of it and we aren't the only one's who contacted them about it. 2) They know that they can easily stop the behavior, but they won't pursue the issue unless we have suffered some kind of loss. 152.163.159.225 rtc-ext1.ns.aol.com 152.163.159.226 rtc-ext2.ns.aol.com 152.163.159.227 rtc-ext3.ns.aol.com 152.163.159.228 rtc-ext4.ns.aol.com 152.163.159.229 rtc-ext5.ns.aol.com 152.163.159.230 rtc-ext6.ns.aol.com 205.188.157.225 dtc-ext1.ns.aol.com 205.188.157.226 dtc-ext2.ns.aol.com 205.188.157.227 dtc-ext3.ns.aol.com 205.188.157.228 dtc-ext4.ns.aol.com 205.188.157.230 dtc-ext6.ns.aol.com 64.12.51.129 mtc-ext1.ns.aol.com 64.12.51.130 mtc-ext2.ns.aol.com 64.12.51.141 mtc-ext3.ns.aol.com 64.12.51.142 mtc-ext4.ns.aol.com 64.12.51.143 mtc-ext5.ns.aol.com 64.12.51.144 mtc-ext6.ns.aol.com ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 16:45:19 PST