Re: Source IP/destination IP: how close is too close?

["Guillaume" <guillaume () anteria fr>]

Dans son précédent message John Sage écrivait :

> I just had to post this snort capture of a probe to tcp:12345 --
> look at  the source IP address relative to my destination IP
> address as a dialup  to access.att.net, out of AT&T's Seattle, WA
> pop...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 01/17-18:47:48.819272 12.82.129.234:1182 -> 12.82.129.235:12345
> TCP TTL:127 TOS:0x0 ID:18697 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x21DD8C  Ack: 0x0  Win: 0x2000  TcpLen: 28
> TCP Options (4) => MSS: 536 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> I mean, this guy is right on top of me ;-)
>
> Think I should go yell out the front door for him to knock it
> off?
>
> This is some clown I see a lot of; he's always nearby, but he's
> never  been this "close".

Well well... if only close IPs meant "guy next door"... :-)

I see lots of close IPs playing along with mine, some very very close,
but coming - geographically speaking - from Iran, and I live in Paris,
France !

But if you'd like to yell out there too, I'm your man ! :-)

Most of times it's just hazardeous automatic scannning scripts
anyway...

Guillaume

[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users