Security Incidents mailing list archives
(no subject)
From: henris () BGA COM (Henri J. Schlereth)
Date: Thu, 1 Jun 2000 09:30:26 -0500
Date: Tue, 30 May 2000 10:38:30 -0700 From: Bill Pennington <billp () ROCKETCASH COM> Subject: Increase in activity from China MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Has anyone else noticed a dramatic increase in network scans originating from China based IPs? It seems like the day the normalized trade relations bill passed the house, I started getting scans from China. Before I had not noticed any scans from China. Does anyone have a good contact to report China based probes? -- Bill Pennington Senior IT Manager Rocketcash billp () rocketcash com http://www.rocketcash.com
It may not necessarily be China. Last year I had 4 probe/attacks. This year I have already had 25. I run an intranet with a dial-up and Linux firewall. The external IP is dnynamic and changes every four hours. Of the 25, 4 were from Korea. I am actively tracking the last incident from Korea and it looks like someone in America took over a Korean machine and was using it to probe/ attack. I understand that probing/scanning isnt necessarily illegal. For that purpose I run monitoring software. But when someone tries to actually access a service from the outside, w/o my permission I define that as an attack. Additionally, if you are scanning my ports and are using a different machine other than your own, you make my suspect list. So in short, it's possible that these scans/attacks are being redirected from here. Henri
Current thread:
- (no subject) Henri J. Schlereth (Jun 01)