Security Incidents mailing list archives

Re: Distributed Scanning?

From: bejtlich () TEXAS NET (Richard Bejtlich)
Date: Sun, 9 Jan 2000 05:37:00 -0000


As I read my Stevens, these look like more ICMP time exceeded messages, which
many a person here are still trying to deciper?

Richard

---
We started getting what looks like a distributed scan today:

Jan 6 22:31:29 140 Deny ICMP:11.0 209.162.216.1 204.238.179.0 in via vx3
Jan 6 22:33:24 140 Deny ICMP:11.0 168.126.240.254 204.238.179.0 in via vx3
Jan 6 22:39:39 140 Deny ICMP:11.0 216.32.51.146 204.238.179.0 in via vx3

Current thread:

Distributed Scanning? Missouri FreeNet Administration (Jan 06)
- Ports 12345, 5742 and 20034 Artur Nowak (Jan 08)
  - Re: Ports 12345, 5742 and 20034 Michal Rok (Jan 10)
    - Re: Ports 12345, 5742 and 20034 Artur Nowak (Jan 11)
- Re: Distributed Scanning? Richard Bejtlich (Jan 08)
- Port 4 Arne Vidar Sjønøs (Jan 09)
  - Re: Port 4 Keith Owens (Jan 10)
  - Re: Port 4 Sean Sosik-Hamor (Jan 11)
    - Re: Port 4 Philipp Buehler (Jan 11)
    - Re: Port 4 Sean Sosik-Hamor (Jan 11)
    - Re: Port 4 Boris Badenov (Jan 11)
    - IRC-bots: what are they for ? Jens Hektor (Jan 12)
    - Re: IRC-bots: what are they for ? Jon Paul, Nollmann (Jan 12)
    - Re: IRC-bots: what are they for ? SecOrg (Jan 12)
    - Re: IRC-bots: what are they for ? Ninja Information Systems. (Jan 12)

(Thread continues...)