Security Incidents mailing list archives
Distributed Scanning?
From: measl () MFN ORG (Missouri FreeNet Administration)
Date: Thu, 6 Jan 2000 23:09:31 -0600
We started getting what looks like a distributed scan today: Jan 6 22:31:29 140 Deny ICMP:11.0 209.162.216.1 204.238.179.0 in via vx3 Jan 6 22:33:24 140 Deny ICMP:11.0 168.126.240.254 204.238.179.0 in via vx3 Jan 6 22:39:39 140 Deny ICMP:11.0 216.32.51.146 204.238.179.0 in via vx3 Jan 6 22:41:48 140 Deny ICMP:11.0 209.54.61.1 204.238.179.0 in via vx3 Jan 6 22:43:27 140 Deny ICMP:11.0 209.222.97.1 204.238.179.0 in via vx3 Jan 6 22:45:29 140 Deny ICMP:11.0 168.126.240.254 204.238.179.0 in via vx3 Pay attention to the timings: each almost a perfect 2 minutes apart. I have yet to "snoop" into these addresses, but I will post results when known. As an aside: I find it curious that this scan (if thats what it is) chose the subnet base address as a target: unless they are looking for *ancient* stacks to act as amplifiers, this just doesn't appear to be a very "stealthy" was to do things. Anyone know different? Yours, J.A. Terranson sysadmin () mfn org -- If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
Current thread:
- Distributed Scanning? Missouri FreeNet Administration (Jan 06)
- Ports 12345, 5742 and 20034 Artur Nowak (Jan 08)
- Re: Ports 12345, 5742 and 20034 Michal Rok (Jan 10)
- Re: Ports 12345, 5742 and 20034 Artur Nowak (Jan 11)
- Re: Ports 12345, 5742 and 20034 Michal Rok (Jan 10)
- Re: Distributed Scanning? Richard Bejtlich (Jan 08)
- Port 4 Arne Vidar Sjønøs (Jan 09)
- Re: Port 4 Keith Owens (Jan 10)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Philipp Buehler (Jan 11)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Boris Badenov (Jan 11)
- Ports 12345, 5742 and 20034 Artur Nowak (Jan 08)