nanog mailing list archives

RE: port scanning from spoofed addresses

From: Matthew Huff <mhuff () ox com>
Date: Thu, 3 Dec 2009 13:03:20 -0500

I'm not at all concerned about door-knob twisting or network scanning. What concerns me is that the source addresses 
are spoofed from our address range and that our upstream providers aren't willing to even look at the problem. 

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139


-----Original Message-----
From: Charles Wyble [mailto:charles () thewybles com] 
Sent: Thursday, December 03, 2009 1:01 PM
To: Matthew Huff
Cc: Florian Weimer; (nanog () nanog org)
Subject: Re: port scanning from spoofed addresses


On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote:

The source address appears to be fixed as well as the source port (6666), scanning different destinations and ports.



Some script kiddies found nmap and decided to target you for some reason. It happens. It's annoying.

Current thread:

port scanning from spoofed addresses Matthew Huff (Dec 03)
- Re: port scanning from spoofed addresses Florian Weimer (Dec 03)
  - RE: port scanning from spoofed addresses Matthew Huff (Dec 03)
    - Re: port scanning from spoofed addresses Charles Wyble (Dec 03)
    - RE: port scanning from spoofed addresses Matthew Huff (Dec 03)
    - Re: port scanning from spoofed addresses Gregory Edigarov (Dec 04)
- RE: port scanning from spoofed addresses Stefan Fouant (Dec 03)
- Re: port scanning from spoofed addresses Suresh Ramasubramanian (Dec 04)