Security Incidents mailing list archives
smurf scanning
From: jlewis () LEWIS ORG (Jon Lewis)
Date: Sun, 20 Feb 2000 18:17:55 -0500
I was scanning through some firewall logs for a client this weekend and noticed 40 scans in the past week for either 8/0/icmp x.y.z.0 or 8/0/icmp x.y.z.255 (they have a T1 to the net and a single /24). Alot of the scans came from dialups in Italy or the UK. A few were hacked Linux boxes (one in the US, one in Italy, one in Korea). I guess the people who use smurf have to continually hunt for networks appropriate for smurf amplification...but I didn't realize they were this actively scanning the net. Also present in the logs were people scanning the entire /24 for dns servers, and other less common protocols. Are others seeing/noticing similar things? ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
Current thread:
- smurf scanning Jon Lewis (Feb 20)
- Re: smurf scanning Robert Graham (Feb 21)
- rooted Philip Champon (Feb 22)
- Re: rooted Omachonu Ogali (Feb 23)
- Re: rooted Administrator (Feb 23)
- Being Hacked?! Please Help!! Francis Lee (Feb 24)
- Re: rooted John Kougoulos (Feb 24)
- Re: smurf scanning Rick Magill (Feb 23)
- rooted Philip Champon (Feb 22)
- @home: Is *anyone* really home there??? Missouri FreeNet Administration (Feb 22)
- Re: @home: Is *anyone* really home there??? Omachonu Ogali (Feb 22)
- Re: @home: Is *anyone* really home there??? Jim Littlefield (Feb 23)
(Thread continues...)
- Re: smurf scanning Robert Graham (Feb 21)