Security Incidents mailing list archives
24 hour strobes from 10.0.x.x
From: Konrad Michels <konrad () overnetdata com>
Date: Wed, 22 Aug 2001 12:53:04 +0100
For the last 24 hours I've had our firewall hammered repeatedly from 10.0.1.1 - 10.0.1.9, all 9 addresses simultaneously going at all ports over 1024, over and over again!
Obviously spooofed packet headers - and just as I got annoyed enough to want to start digging a bit deeper, the silly buggers stop! Now isn't that annoying! Anyway, what was interesting about this was also that, if I changed the IP address of the firewall's external interface say one up or one down, the ruddy things followed it! Obviously then whatever it was, was continuously strobing a whole block of IP addresses!
Anyone else seen anything like this lately? Later Konrad ************************************************************* * Linux isn't unfriendly - * its just really picky about who its friends are! ************************************************************* ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- 24 hour strobes from 10.0.x.x Konrad Michels (Aug 22)
- <Possible follow-ups>
- RE: 24 hour strobes from 10.0.x.x Graham Bignell (Aug 22)
- Re: 24 hour strobes from 10.0.x.x Konrad Michels (Aug 23)