Just after midnight local time, one my IDS boxes that monitors a small residential broadband network lit up with a bunch of traffic using spoofed source IP of 127.0.0.1, source port 80, destination IPs all over the /16, dest ports all in the range of 1002-1992. Googling for a pattern like this doesn't turn up much, and no exact match. Anyone else seen similar? --Chris --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 09:05:31 PDT