Security Incidents mailing list archives
Re: echo scans
From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Thu, 10 Aug 2000 09:52:54 +0200
Here is a echo scan/flood (??) received this morning from Italy (time is CET) : Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:21 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:22 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:22 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:22 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:22 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:22 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:22 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:13:57 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:13:57 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring Aug 10 08:14:12 yonopido portsentry[4730]: attackalert: Connect from host: com.area.trieste.it/193.207.32.15 to UDP port: 7 Aug 10 08:14:12 yonopido portsentry[4730]: attackalert: Host: 193.207.32.15 is already blocked. Ignoring. I have already seen some coming from german universities, but I don't know what the prober is looking for. DoS ?
Current thread:
- echo scans exit (Aug 09)
- Re: echo scans Nicolas Gregoire (Aug 10)
- Re: echo scans Russell Fulton (Aug 13)
- echo scans + cisco config exit (Aug 10)
- <Possible follow-ups>
- Re: echo scans J. Oquendo (Aug 10)
- Re: echo scans Nicolas Gregoire (Aug 10)