Security Incidents mailing list archives
Spoofed scans
From: Richard Arends <richard () unixguru nl>
Date: Sun, 6 Jan 2002 12:41:11 +0100 (CET)
Hello, Last couple of weeks i'm getting more and more spoofed scans on my firewall. All scans are icmp or port 53 (domain). Mostly 'they' first send a few icmp packets and then a scan for port 53 trying to do a reverse lookup for my ip. Are there more seeing this type off scans and is there a way to substract the real scanner (ip) from the list ip's ??? Greetings, Richard. ---- An OS is like swiss cheese, the bigger it is, the more holes you get! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Spoofed scans Richard Arends (Jan 06)
- Re: Spoofed scans James (Jan 06)
- RE: Spoofed scans Philip Wagenaar (Jan 07)
- Re: Spoofed scans James (Jan 07)
- Re: Spoofed scans Will Aoki (Jan 07)
- RE: Spoofed scans Bojan Zdrnja (Jan 07)
- RE: Spoofed scans Philip Wagenaar (Jan 07)
- Re: Spoofed scans Gideon Lenkey (Jan 07)
- Re: Spoofed scans Crist J. Clark (Jan 07)
- Re: Spoofed scans Richard Arends (Jan 07)
- RE: Spoofed scans Paul M. Tiedemann (Jan 08)
- Re: Spoofed scans Dave Ryan (Jan 08)
(Thread continues...)
- Re: Spoofed scans James (Jan 06)