Security Incidents mailing list archives
Re: Strange accumulation of scans from Korea (KORNET/HANANET)
From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Wed, 14 Mar 2001 21:51:33 +0100
On Fri, 9 Mar 2001 09:38:30 -0500, John wrote:
I'm just observing a very strange accumulation of network scans from Korea.
[...]
I've notified the respective netblock owners and cc'ed the KR CERT.
[...]
This same network has been scanning my network(s), for about two weeks now. I have reported every scan, but had no luck in hearing back from anyone. I have been busy lately, but I am going to have an associate in Korea call them for me, as I am located in the states.
Well, I *did* receive replies from KR-CERT, such as the following:
Thank you for informing us of this incident. We will contact the offending site you mentioned. [211.208.172.152 ] Best Regards, xxxx, xxxxxxx(CERTCC-KR) ----------------------- Tracking code [CERTCC-KR#xxxxxxxx] has been assigned to this incident. We would appreciate being mailed or CCed any correspondence relating to this incident. Please include the tracking code in the subject line.
One thing that really p*ss*s me off is that the scans from some of the hosts I reported *still* continue... :-( PS: Greetings to Tampa, I've got a cousin in Riverview... -- Sign the EU petition against SPAM: L I N U X .~. http://www.politik-digital.de/spam/ The Choice /V\ of a GNU /( )\ Generation ^^-^^
Current thread:
- Strange accumulation of scans from Korea (KORNET/HANANET) Ralf G. R. Bergs (Mar 09)
- Re: Strange accumulation of scans from Korea (KORNET/HANANET) John (Mar 09)
- Re: Strange accumulation of scans from Korea (KORNET/HANANET) Ralf G. R. Bergs (Mar 14)
- Aggresive RPC & DNS scans from Korean hosts Joseph Nicholas Yarbrough (Mar 20)
- Re: Aggresive RPC & DNS scans from Korean hosts dano (Mar 20)
- Re: Aggresive RPC & DNS scans from Korean hosts Matt W. (Mar 20)
- Re: Strange accumulation of scans from Korea (KORNET/HANANET) Ralf G. R. Bergs (Mar 14)
- Re: Strange accumulation of scans from Korea (KORNET/HANANET) John (Mar 09)