Security Incidents mailing list archives
echo scans + cisco config
From: exit <exit () RANDOMKEYSTROKES COM>
Date: Thu, 10 Aug 2000 15:07:56 +0000
on the same topic, as i have reported all these scans i have gotten some interesting replies back. Two networks have sent me back their logs [30 pages each almost] showing that my network range was used to ICMP ECHO REPLY to their ipaddress (say their address is 111.222.333.4). For example their logs say that they receieved scans to 111.222.333.4 from my network's ip block. (even from ip addresses that are not in use in my block). The strange thing is that the cisco router has "no ip directed-broadcast" configured on all interfaces, has anyone who has experienced this any suggestions please ? Regards. exit wrote:
Hi, I have a lan of linux boxes, and get a relatively low volume of portscans. But last night i have recieved an unsual amount from different sources. I am wondering if i should be worried about scans to tcp and udp port 7 [echo], this particular scan lasted for 4minutes on all machines at the same time. Also i will list strings of ports below (in order of scan), each string came from one ipadress, does anyone recognise a pattern here or is it random ? , all ports were _udp_ , thanks in advance. (along with this i got the usual probes for port 80 + 21) 2443, 53, 516, 511, 162, 111, 109 633, 987, 171, 241, 848, 278, 700, 119, 899, 317 196, 909, 129, 128, 883, 840, 904, 553, 177, 679, 803, 106, 418, 340, 126, 635, 373, 834 90, 959, 545, 217, 187, 1011, 967, 677, 19, 630, 858, 758 538, 949, 818, 642, 711 905, 873, 562, 317, 764, 637, 280, 378 881, 191, 688 then the 4 minute scan on tcp/udp port 7. Regards.
Current thread:
- echo scans exit (Aug 09)
- Re: echo scans Nicolas Gregoire (Aug 10)
- Re: echo scans Russell Fulton (Aug 13)
- echo scans + cisco config exit (Aug 10)
- <Possible follow-ups>
- Re: echo scans J. Oquendo (Aug 10)
- Re: echo scans Nicolas Gregoire (Aug 10)