nanog mailing list archives

Re: Stopping ip range scans

From: haesu () towardex com
Date: Mon, 29 Dec 2003 08:48:25 -0500


[.. SNIP ..]

The problem is these are random scans, the traffic is going to ips that 
are not used and never were. They're clearly a random sequential scans.


In this particular case, null-routing your aggregate is your friend. Or get a
sink hole and suck down all the !traffic to it. Please, it's the internet. Port
scans are nothing out of the ordinary.

-James


-- 
James Jun (formerly Haesu)
TowardEX Technologies, Inc.
1740 Massachusetts Ave.
Boxborough, MA 01719
Consulting, IPv4 & IPv6 colocation, web hosting, network design & implementation
http://www.towardex.com  | james () towardex com
Cell: (978)394-2867      | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033       | AIM: GigabitEthernet0
NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE

Current thread:

Stopping ip range scans william (Dec 29)
- Re: Stopping ip range scans Chris Brenton (Dec 29)
- Re: Stopping ip range scans william (Dec 29)
  - Re: Stopping ip range scans John R. Levine (Dec 29)
- Re: Stopping ip range scans jlewis (Dec 29)
- Re: Stopping ip range scans Perry E. Metzger (Dec 29)
- Re: Stopping ip range scans Anton L. Kapela (Dec 29)
- Re: Stopping ip range scans Phil Rosenthal (Dec 29)
- <Possible follow-ups>
- RE: Stopping ip range scans william (Dec 29)
  - Re: Stopping ip range scans haesu (Dec 29)