Firewall Wizards mailing list archives
Spoofed source IP in scans (decoys) - what to do?
From: "Niloc" <niloc () softimage com>
Date: Fri, 26 Nov 1999 11:01:03 -0500
Hi, I have had quite a few scans occuring on a host lately and the scanning method includes the use of "decoys" (in nmap) or spoofed source IP addresses. Of course my problem is that I don't want to blindly deny traffic from all the source IP addresses that appear to be scanning me since I might block legetimate traffic from them. I am wondering what my alternatives are? What would be a good method to find out which IP is really scanning me? Thanks for your help. Niloc.
Current thread:
- Spoofed source IP in scans (decoys) - what to do? Niloc (Nov 29)
- Re: Spoofed source IP in scans (decoys) - what to do? R. DuFresne (Nov 30)
- <Possible follow-ups>
- RE: Spoofed source IP in scans (decoys) - what to do? Wyatt, Anthony (Nov 30)