Security Incidents mailing list archives
Re: CRv2 multiple scans from same source IP
From: Valdis.Kletnieks () vt edu
Date: Sun, 05 Aug 2001 23:23:00 -0400
On Sun, 05 Aug 2001 20:39:14 EDT, John Davidson <jwd_ods () hotmail com> said:
The IP is outside my Class A address space. From the analysis of CRv2 published at www.eeye.com this should not be possible, or at least the likelihood of such an occurence is much greater than winning a very big lottery... I should maybe buy a ticket! ;-).
The odds of winning a large lottery are usually on the order of 1 per million. A million tickets sold is a *lot*. A million probes is *nothing*. Figure out how many scans/second 10,000 hosts with CodeRedII (which has 300-600 non-blocking threads) will produce... At that rate, you dont NEED a very high chance of popping into a new /8 or /16. ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- CRv2 multiple scans from same source IP John Davidson (Aug 05)
- Re: CRv2 multiple scans from same source IP Luc Pardon (Aug 05)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- RE: CRv2 multiple scans from same source IP Gareth Hastings (Aug 06)
- Re: CRv2 multiple scans from same source IP Paul Gear (Aug 06)
- Re: CRv2 multiple scans from same source IP Valdis . Kletnieks (Aug 05)
- RE: CRv2 multiple scans from same source IP robh (Aug 05)
- Re: CRv2 multiple scans from same source IP corecode (Aug 06)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- RE: CRv2 multiple scans from same source IP Andrew Cruse (Aug 06)
- Re: CRv2 multiple scans from same source IP Ryan Russell (Aug 06)
- Re: CRv2 multiple scans from same source IP Andy Berkheimer (Aug 06)
- Re: CRv2 multiple scans from same source IP corecode (Aug 07)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- Re: CRv2 multiple scans from same source IP Bryan Andersen (Aug 06)
- Re: CRv2 multiple scans from same source IP Luc Pardon (Aug 05)
- <Possible follow-ups>
- RE: CRv2 multiple scans from same source IP Tim Hollebeek (Aug 06)
- RE: CRv2 multiple scans from same source IP corecode (Aug 06)