Re: Mass scan : coordinated or spoofed ?

[Nicolas GREGOIRE <nicolas.gregoire () 7THZONE COM>]

Yoann LeCorvic a écrit :
> Hi
>
> Do you run a sniffer/IDS ?

I haven't one running at the time of the probes ...
Dammed !

> But to me it looks like a automated scanning tool...
> Maybe trying different exploits on the ftp server if he successfully determined the server you are running...

OK, but the _main_ problem for me is the different sources addresses :
44 attempts from 4 IPs in less than 4 minutes, each one of them being
located not far from the other ones.

Like I said in my previous post :
"All the 4 boxes respond to ping, run Linux and are in Spain"

So I wonder _WHY_ theses boxes are scanning me exactly at the same time,
and WHY they don't follow exactly the same pattern (see logs in my
previous post)

Anybody has ever see this kind od probe ?

Nicob