nanog mailing list archives
Re: how to deal with port scan and brute force attack from AS 8075 ?
From: Brandon Vincent <Brandon.Vincent () asu edu>
Date: Sun, 3 Apr 2016 20:54:01 -0700
On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam () gmail com> wrote:
I have noticed this and especially the strange format of the packets with a SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr This may be $whoever trying to establish network performance/congestion via ECN or it could be something else like a fast scan technique or OS fingerprinting
It's OS fingerprinting. Targeted attacks are far more productive. If I'm trying to get into an organization, I'd much rather be interested in Juniper ScreenOS than someone's personal *nix machine. Brandon Vincent
Current thread:
- Re: how to deal with port scan and brute force attack from AS 8075 ? DV (Apr 03)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Brandon Vincent (Apr 07)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Bacon Zombie (Apr 07)
- <Possible follow-ups>
- Re: how to deal with port scan and brute force attack from AS 8075 ? Davide Davini (Apr 03)
- Re: how to deal with port scan and brute force attack from AS 8075 ? cyrus ramirez via NANOG (Apr 03)
- Re: how to deal with port scan and brute force attack from AS 8075 ? William Herrin (Apr 07)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Owen DeLong (Apr 11)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Jared Mauch (Apr 11)
- Re: how to deal with port scan and brute force attack from AS 8075 ? William Herrin (Apr 11)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Owen DeLong (Apr 11)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Owen DeLong (Apr 11)
- Re: how to deal with port scan and brute force attack from AS 8075 ? Brandon Vincent (Apr 07)