nanog mailing list archives
Re: Stopping ip range scans
From: jlewis () lewis org
Date: Mon, 29 Dec 2003 09:49:21 -0500 (EST)
On Mon, 29 Dec 2003 william () elan net wrote:
Recently (this year...) I've noticed increasing number of ip range scans of various types that envolve one or more ports being probed for our entire ip blocks sequentially. At first I attributed all this to various
What ports are being probed? SOP for script kiddies for at least 10 years has been find a box you can hack root on, install a vulnerability scanner for the remote-root vulnerability d'jour, fire it up, and come back in a day or so to see what you've found. Then hack the newly found vulnerable boxes, install the scanner on each of them, and repeat the process. Some of these packages have done things like download the .com zone (back when F allowed this) and scan all NS's for bind vulnerabilities. Others just pick a random IP and scan sequentially higher IPs. More recently, some packages have combined the scanning and hacking. If you don't want the scans, block everything you don't want at your router. Otherwise, just make sure your systems are up to date. A common OS with unpatched known remotely exploitable holes doesn't last long on an unfiltered internet connection. ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Stopping ip range scans william (Dec 29)
- Re: Stopping ip range scans Chris Brenton (Dec 29)
- Re: Stopping ip range scans william (Dec 29)
- Re: Stopping ip range scans John R. Levine (Dec 29)
- Re: Stopping ip range scans jlewis (Dec 29)
- Re: Stopping ip range scans Perry E. Metzger (Dec 29)
- Re: Stopping ip range scans Anton L. Kapela (Dec 29)
- Re: Stopping ip range scans Phil Rosenthal (Dec 29)
- <Possible follow-ups>
- RE: Stopping ip range scans william (Dec 29)
- Re: Stopping ip range scans haesu (Dec 29)