Firewall Wizards mailing list archives
Re: repetitive port scanning, why?
From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 5 Aug 1999 22:34:21 -0700 (PDT)
--- Fred Kreitzberg <fkreitz () rei com> wrote:
Our web store underwent a heavy port scan yesterday. It was unusual in both the number of scans, the port scanning pattern and the fact they scanned each port 6 times. They were fast too, 8600 scans in less than 2 minutes. Is this a new product/technique?
A SYN/stealth scan can easily run this fast. It's not even too hard to send 8600 packets in 2-seconds, much less 2-minutes.

If you are running a firewall that drops SYN packets, then a scanner assumes that some get lost in transit. Therefore, the scanner doesn't know whether the firewall dropped the packet, or if the packet was lost somewhere in the Internet.

In short, this could easily be 'nmap', as well as a dozen other TCP scanners that hit your site.

Most people do 'fast' scans looking for specific port numbers; actually scanning all possible port numbers is fairly rare.

Rob.

===
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."
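Added example, not part of the original post: a Python summarizer for firewall drop logs that collapses repeated SYNs to the same port, so a scanner retrying each dropped probe shows up as one sweep with a per-port probe count rather than as several separate scans. The log format, the `min_ports` threshold and all addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed log format (an assumption, not any particular firewall's):
#   <epoch-seconds> DROP SYN <src-ip> -> <dst-ip>:<dst-port>
LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) DROP SYN (\S+) -> \S+:(\d+)$")

def summarize_scans(lines, min_ports=10):
    """Group dropped SYNs by source; report sweep size and probes per port."""
    per_src = defaultdict(lambda: {"ports": Counter(), "times": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a dropped-SYN record
        rec = per_src[m.group(2)]
        rec["ports"][int(m.group(3))] += 1
        rec["times"].append(float(m.group(1)))

    report = {}
    for src, rec in per_src.items():
        counts = sorted(rec["ports"].values())
        if len(counts) < min_ports:
            continue  # too few distinct ports to call it a sweep
        report[src] = {
            "probes": sum(counts),
            "distinct_ports": len(counts),
            # median per-port count = how often each port was (re)probed
            "probes_per_port": counts[len(counts) // 2],
            "duration_s": max(rec["times"]) - min(rec["times"]),
        }
    return report

def make_sample_log():
    """Constructed sample: one source sends 6 passes over 20 ports in about
    2 seconds; a second source has a single dropped SYN."""
    lines, t = [], 933900000.0
    for _attempt in range(6):
        for port in range(1, 21):
            lines.append(f"{t:.3f} DROP SYN 192.0.2.10 -> 198.51.100.5:{port}")
            t += 2.0 / 120
    lines.append(f"{t:.3f} DROP SYN 203.0.113.7 -> 198.51.100.5:23")
    return lines

if __name__ == "__main__":
    for src, info in summarize_scans(make_sample_log()).items():
        print(src, info)
```

Dividing `probes` by `probes_per_port` gives the real width of the sweep, which is the figure to compare against the list of services actually exposed.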