nanog mailing list archives

Re: port scanning from spoofed addresses

From: Florian Weimer <fweimer () bfk de>
Date: Thu, 03 Dec 2009 17:35:14 +0000

* Matthew Huff:

We are seeing a large number of tcp connection attempts to ports
known to have security issues. The source addresses are spoofed from
our address range. They are easy to block at our border router
obviously, but the number and volume is a bit worrisome. Our
upstream providers appear to be uninterested in tracing or blocking
them. Is this the new normal? One of my concerns is that if others
are seeing probe attempts, they will see them from these addresses
and of course, contact us.


What's the distribution of the source addresses and source ports?

-- 
Florian Weimer                <fweimer () bfk de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

Current thread:

port scanning from spoofed addresses Matthew Huff (Dec 03)
- Re: port scanning from spoofed addresses Florian Weimer (Dec 03)
  - RE: port scanning from spoofed addresses Matthew Huff (Dec 03)
    - Re: port scanning from spoofed addresses Charles Wyble (Dec 03)
    - RE: port scanning from spoofed addresses Matthew Huff (Dec 03)
    - Re: port scanning from spoofed addresses Gregory Edigarov (Dec 04)
- RE: port scanning from spoofed addresses Stefan Fouant (Dec 03)
- Re: port scanning from spoofed addresses Suresh Ramasubramanian (Dec 04)