nanog mailing list archives

Re: how to deal with port scan and brute force attack from AS 8075 ?


From: Bacon Zombie <baconzombie () gmail com>
Date: Thu, 7 Apr 2016 15:59:48 +0200

They should always just use Shodan.

https://www.shodan.io/explore

On 4 April 2016 at 05:54, Brandon Vincent <Brandon.Vincent () asu edu> wrote:
> On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam () gmail com> wrote:
>> I have noticed this and especially the strange format of the packets with a
>> SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr
>>
>> This may be $whoever trying to establish network performance/congestion via
>> ECN or it could be something else like a fast scan technique or OS
>> fingerprinting
>
> It's OS fingerprinting. Targeted attacks are far more productive. If
> I'm trying to get into an organization, I'd much rather be interested
> in Juniper ScreenOS than someone's personal *nix machine.
>
> Brandon Vincent



-- 


BaconZombie

55:55:44:44:4C:52:4C:52:42:41

LOAD "*",8,1
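Added example, not part of the original thread: a small Python decoder for the SYN/ECE/CWR combination discussed above. RFC 3168 defines an ordinary ECN-setup SYN as a SYN with ECE and CWR set, so the flags alone do not separate ECN negotiation from probing; the anomaly checks, the function names and the sample headers are assumptions constructed for this illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793; ECE/CWR from RFC 3168).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def build_header(dport, flags, off_res=0x50, urg_ptr=0, ack=0):
    """Constructed sample input: a 20-byte TCP header without options."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0x1000, ack,
                       off_res, flags, 64240, 0, urg_ptr)

def classify_tcp(header):
    """Decode a raw TCP header and label SYN/ECE/CWR packets for triage."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    (_sport, dport, _seq, ack, off_res, flags,
     _window, _csum, urg_ptr) = struct.unpack("!HHIIBBHHH", header[:20])
    names = sorted(n for n, bit in FLAGS.items() if flags & bit)

    # Assumed heuristics: fields a normal ECN-negotiating stack leaves clear.
    anomalies = []
    if off_res & 0x0F:                       # low nibble of byte 12
        anomalies.append("reserved-bits-set")
    if urg_ptr and not flags & FLAGS["URG"]:
        anomalies.append("urgent-pointer-without-URG")
    if ack and not flags & FLAGS["ACK"]:
        anomalies.append("ack-number-without-ACK")

    if names != ["CWR", "ECE", "SYN"]:
        verdict = "other"
    elif anomalies:
        verdict = "ecn-syn-with-anomalies"   # worth a closer look
    else:
        verdict = "ecn-setup-syn"            # consistent with RFC 3168
    return {"dport": dport, "flags": names,
            "anomalies": anomalies, "verdict": verdict}

if __name__ == "__main__":
    samples = [
        build_header(443, 0xC2),                               # clean ECN SYN
        build_header(22, 0xC2, off_res=0x58, urg_ptr=0x1234),  # odd fields
        build_header(80, 0x02),                                # plain SYN
    ]
    for raw in samples:
        print(classify_tcp(raw))
```

Correlating the verdict with per-source fan-out (many destination ports or hosts in a short window) gives a stronger signal than any single packet.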

