(no subject)

[henris () BGA COM (Henri J. Schlereth)]

> Date:    Tue, 30 May 2000 10:38:30 -0700
> From:    Bill Pennington <billp () ROCKETCASH COM>
> Subject: Increase in activity from China
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Has anyone else noticed a dramatic increase in network scans originating
> from China based IPs? It seems like the day the normalized trade
> relations bill passed the house, I started getting scans from China.
> Before I had not noticed any scans from China. Does anyone have a good
> contact to report China based probes?
> --
>
>
> Bill Pennington
> Senior IT Manager
> Rocketcash
> billp () rocketcash com
> http://www.rocketcash.com

It may not necessarily be China. Last year I had 4 probe/attacks.
This year I have already had 25. I run an intranet with a dial-up
and Linux firewall. The external IP is dnynamic and changes
every four hours. Of the 25, 4 were from Korea. I am actively
tracking the last incident from Korea and it looks like someone
in America took over a Korean machine and was using it to probe/
attack.

I understand that probing/scanning isnt necessarily illegal.
For that purpose I run monitoring software. But when someone
tries to actually access a service from the outside, w/o my
permission I define that as an attack.

Additionally, if you are scanning my ports and are using a
different machine other than your own, you make my suspect list.

So in short, it's possible that these scans/attacks are being
redirected from here.

Henri