Security Basics mailing list archives
Re: IP flood?
From: "Pat Moffitt" <pmoffitt () wrv com>
Date: Wed, 17 Sep 2003 15:00:55 -0700
Port scans seem to be a fact of life... Some of the viruses and worms are scanning to find victims right now. The amount our 5 addresses are getting scanned has gone up by orders of magnitude in the last month. Pat Moffitt MIS Administrator Western Recreational Vehicles, Inc ----- Original Message ----- From: "Eric Brown" <ericbrow () ziplip com> To: <security-basics () securityfocus com> Sent: Wednesday, September 17, 2003 9:01 AM Subject: IP flood?
Hello all, I've been watching the list for quite a while now, and I've run across a
problem where I can't find a solution.
My neighbor got cable internet a few months ago. He's got a Win98 machine
that's running the latest version of Zone Alarm.
Two weeks ago, he started getting pings that appeared to be from many
different IP's, all within the cable ISP's IP range. He likes to see any kind of hits he gets, so he has Zone Alarm set to pop up a window each time. The pings are not steady. He might get one in a 10 second window, then a dozen in the next second.
He call tech support, and they changed his dynamic IP to a different one,
and this stopped the activity for about an hour. I uninstalled an older version of Zone Alarm, and installed the newest one, and the activity stopped for about 2 hours. His Norton's anti-virus is fully updated. I've run NMap and LANguard network scanner. With zone alarm on, he doesn't show up. Without zone alarm, no ports other than what you would expect on a Win98 machine (no 31337). I ran grc.com's Shields Up and got nothing.
Can we stop the IP flood? Can or should the ISP? Or should he just shut
off notification in Zone Alarm so he doesn't see the messages.
Thanks, Eric Brown To do is to be. -Socrates To be is to do. -Satre Do be do be do. -Sinatra --------------------------------------------------------------------------
-
Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm --------------------------------------------------------------------------
-- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- IP flood? Eric Brown (Sep 17)
- Re: IP flood? Brad Arlt (Sep 17)
- Re: IP flood? Pat Moffitt (Sep 17)
- <Possible follow-ups>
- RE: IP flood? Wright, Jeremy (Sep 17)
- RE: IP flood? Chris Merkel (Sep 17)