Security Basics mailing list archives
Re: Traffic To dark address space
From: Ken Swain <ken () kenswain com>
Date: Wed, 23 May 2007 00:19:38 -0500
I normally say it is addresses that are not legitimately assigned. What was the start date of the increase? Mine started on the 24th of April.
On May 23, 2007, at 12:20 AM, Murda Mcloud wrote:
I have seen an increase in drops on our perimeter too - at least 50% up from last month. The number of blocked addresses is higher than I have ever seen it. Ports are weird but whatever is doing it keeps knocking at the same door over and over again.

Different ports though: 45458 45459 45074 22081 2814 etc.

I don't know if it is related or not.

How do you define dark space? The way I've pictured it is IP ranges/addresses that either come and go at very short notice and/or when they have not been legitimately assigned.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ken Swain
Sent: Wednesday, May 23, 2007 6:49 AM
To: security-basics () securityfocus com
Subject: Traffic To dark address space

Group,

I am seeing tons of drops on my firewall and IPS correlated through my SIM to and from Dark Address space. Not all machines on my network are doing this, but enough are that it is becoming a massive amount to deal with. I have done a virus scan and patch check on the boxes and they all came up clean. All this traffic started within the past month and has steadily increased. The ports are 137, 9100, 113, 67, 27604 and 27605. It appears to hit a block of dark address space and then move on to another only to come back later. Any ideas?

--Ken