Security Incidents mailing list archives

Re: IP Black list?

From: kaos () OCS COM AU (Keith Owens)
Date: Tue, 16 May 2000 19:33:03 +1000


On Thu, 11 May 2000 10:55:32 -0700,
Stuart Staniford <stuart () SILICONDEFENSE COM> wrote:

We could start by putting demon.co.uk into it until they stop spraying the
world with bad packets and repeating the same lame excuses for why they
still haven't stopped whatever is causing that.


I don't know what excuse demon gave you but several sets of packets
from them have tripped my alarms recently.  In every case, the packets
were in the middle of a normal ftp session.  It definitely looks like
broken hardware and/or software, corrupt packet headers, corrupt data,
invalid lengths, the lot.  The last mail from demon was "we are taking
it up with our suppliers and it will be fixed in 4 weeks", that was
last week.

Current thread:

Re: IP Black list?, (continued)
- - - Re: IP Black list? Sebastien Berube (May 15)
    - Odd scans of tcp port 12345 Russell Fulton (May 15)
    - Re: Odd scans of tcp port 12345 Shadow Boxer (May 16)
    - New or Variant Port 109 Scans Stephen P. Berry (May 15)
    - Re: IP Black list? Patrick van Zweden (May 15)
    - TCP low port scan Jose Nazario (May 15)
    - Re: IP Black list? Joe McAlerney (May 15)
    - Re: IP Black list? Omachonu Ogali (May 15)
    - Re: IP Black list? Emre (May 15)
    - Re: IP Black list? Ex Machina (May 15)
    - Re: IP Black list? Keith Owens (May 16)
- Re: Automated, Distributed Port Scan Ed Padin (May 09)
- Re: Automated, Distributed Port Scan Antonio Montes (May 10)