24 hour strobes from 10.0.x.x

[Konrad Michels <konrad () overnetdata com>]

For the last 24 hours I've had our firewall hammered repeatedly from 
10.0.1.1 - 10.0.1.9, all 9 addresses simultaneously going at all ports 
over 1024, over and over again!

Obviously spooofed packet headers - and just as I got annoyed enough to 
want to start digging a bit deeper, the silly buggers stop!  Now isn't 
that annoying!  Anyway, what was interesting about this was also that, 
if I changed the IP address of the firewall's external interface say one 
up or one down, the ruddy things followed it!  Obviously then whatever 
it was, was continuously strobing a whole block of IP addresses!

Anyone else seen anything like this lately?

Later
Konrad

*************************************************************
* Linux isn't unfriendly -
* its just really picky about who its friends are!
*************************************************************


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com