echo scans + cisco config

[exit <exit () RANDOMKEYSTROKES COM>]

on the same topic, as i have reported all these scans i have gotten some
interesting replies back. Two networks have sent me back their logs [30
pages each almost] showing that my network range was used to ICMP ECHO
REPLY to their ipaddress (say their address is 111.222.333.4). For example
their logs say that they receieved scans to 111.222.333.4 from my
network's ip block. (even from ip addresses that are not in use in my
block). The strange thing is that the cisco router has "no ip
directed-broadcast" configured on all interfaces, has anyone who has
experienced this any suggestions please ?

Regards.

exit wrote:

> Hi, I have a lan of linux boxes, and get a relatively low volume of
> portscans. But last night i have recieved an unsual amount from
> different sources.
> I am wondering if i should be worried about scans to tcp and udp port 7
> [echo], this particular scan lasted for 4minutes on all machines at the
> same time.
>
> Also i will list strings of ports below (in order of scan), each string
> came from one ipadress, does anyone recognise a pattern here or is it
> random ? , all ports were _udp_ , thanks in advance. (along with this i
> got the usual probes for port 80 + 21)
>
> 2443, 53, 516, 511, 162, 111, 109
>
> 633, 987, 171, 241, 848, 278, 700, 119, 899, 317
>
> 196, 909, 129, 128, 883, 840, 904, 553, 177, 679, 803, 106, 418, 340,
> 126, 635, 373, 834
>
> 90, 959, 545, 217, 187, 1011, 967, 677, 19, 630, 858, 758
>
> 538, 949, 818, 642, 711
>
> 905, 873, 562, 317, 764, 637, 280, 378
>
> 881, 191, 688
>
> then the 4 minute scan on tcp/udp port 7.
>
> Regards.