Security Basics mailing list archives

RE: Traffic To dark address space


From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Wed, 23 May 2007 15:20:00 +1000


I have seen an increase in drops on our perimeter too, at least 50% up from
last month. The number of blocked addresses is higher than I have ever seen
it. Ports are weird but whatever is doing it keeps knocking at the same door
over and over again:
Different ports though:
45458 45459 45074
22081
2814 etc

I don't know if it is related or not. How do you define dark space? The way
I've pictured it is IP ranges/addresses that either come and go at very
short notice and/or when they have not been legitimately assigned.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Ken Swain
Sent: Wednesday, May 23, 2007 6:49 AM
To: security-basics () securityfocus com
Subject: Traffic To dark address space

Group,

I am seeing tons of drops on my firewall and IPS correlated through my
SIM to and from Dark Address space. Not all machines on my network
are doing this, but enough are that it is becoming a massive amount
to deal with.

I have done a virus scan and patch check on the boxes and they all
came up clean. All this traffic started within the past month and
has steadily increased. The ports are 137, 9100, 113, 67, 27604 and
27605. It appears to hit a block of dark address space and then move
on to another only to come back later.

Any ideas?

--Ken

