Security Incidents mailing list archives
Re: Mass scan : coordinated or spoofed ?
From: Nicolas GREGOIRE <nicolas.gregoire () 7THZONE COM>
Date: Mon, 26 Feb 2001 11:38:01 +0100
Yoann LeCorvic a écrit :
Hi Do you run a sniffer/IDS ?
I haven't one running at the time of the probes ... Dammed !
But to me it looks like a automated scanning tool... Maybe trying different exploits on the ftp server if he successfully determined the server you are running...
OK, but the _main_ problem for me is the different sources addresses : 44 attempts from 4 IPs in less than 4 minutes, each one of them being located not far from the other ones. Like I said in my previous post : "All the 4 boxes respond to ping, run Linux and are in Spain" So I wonder _WHY_ theses boxes are scanning me exactly at the same time, and WHY they don't follow exactly the same pattern (see logs in my previous post) Anybody has ever see this kind od probe ? Nicob
Current thread:
- Mass scan : coordinated or spoofed ? Nicolas GREGOIRE (Feb 21)
- Re: Mass scan : coordinated or spoofed ? Nicolas GREGOIRE (Feb 26)
- <Possible follow-ups>
- Re: Mass scan : coordinated or spoofed ? Nicolas GREGOIRE (Feb 26)