Snort mailing list archives
RE: private IP scans
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Mon, 8 Apr 2002 15:58:59 -0400
This is pretty standard, and could be any number of tools. Nmap just happens to be the usual suspect. You could spend a ton of time trying to figure out "who dun it?" but the better course of action would be to filter these types of things at your border.

See http://www.ietf.org/rfc/rfc2827.txt?number=2827 for some general guidelines on ingress filters. It will probably take about ten minutes to craft some ACL's, and you shouldn't be seeing these any more (unless you have a much larger problem on your hands).

Cheers

Keith

-----Original Message-----
From: White, Stacy [mailto:SWhite () catfish bbc peachnet edu]
Sent: Monday, April 08, 2002 3:31 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] private IP scans

Hey!

I am new here so forgive me if I ask anything dumb right off the bat. I am getting a lot of scans against my network from private IP ranges. Looks random, and the IP's are random as well. I am assuming a stealth scan, maybe NMAP. Anyone else experiencing this, or know what it is?

Stacy White
swhite () bainbridge edu
(please note the change in my email address)
Network Administrator
BAINBRIDGE COLLEGE
229-248-2576
229-243-6421 FAX
_______________________________
"The pursuit of truth and beauty is a sphere of activity in which we are permitted to remain children all our lives." -- Albert Einstein
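
Added example, not part of the original messages: a small triage script showing which alerts a border ingress filter on private source addresses would have removed. It assumes the three RFC 1918 blocks as the filter list; the alert lines, rule IDs and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private blocks (assumed filter list): a packet arriving on the
# Internet-facing interface should never carry one of these as its source.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample alerts in Snort "fast" alert style (not from the thread).
SAMPLE_ALERTS = """\
04/08-15:02:11.101010 [**] [1:0:0] constructed scan alert [**] {TCP} 10.44.7.19:40112 -> 203.0.113.10:80
04/08-15:02:11.204000 [**] [1:0:0] constructed scan alert [**] {TCP} 192.168.201.5:40113 -> 203.0.113.10:22
04/08-15:02:12.000500 [**] [1:0:0] constructed scan alert [**] {TCP} 198.51.100.77:51000 -> 203.0.113.10:25
04/08-15:02:12.300900 [**] [1:0:0] constructed scan alert [**] {TCP} 172.20.3.3:40114 -> 203.0.113.11:443
04/08-15:02:13.000000 [**] [1:0:0] constructed scan alert [**] {TCP} 172.32.0.9:40115 -> 203.0.113.11:443
"""

# Captures the source address of "{PROTO} src[:port] -> dst[:port]".
FLOW_RE = re.compile(r"\{\w+\}\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->")


def matching_block(addr):
    """Return the private block containing addr, or None if it is routable."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_NETS:
        if ip in net:
            return net
    return None


def triage(alert_text):
    """Split alerts into those the border filter would drop and the rest."""
    dropped = Counter()   # private block -> number of alerts it would remove
    remaining = []        # sources that would still reach the sensor
    for line in alert_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        net = matching_block(m.group(1))
        if net is not None:
            dropped[str(net)] += 1
        else:
            remaining.append(m.group(1))
    return dropped, remaining


if __name__ == "__main__":
    dropped, remaining = triage(SAMPLE_ALERTS)
    for net, count in dropped.items():
        print(f"border filter on {net} would drop {count} alert(s)")
    print("still needs investigation:", ", ".join(remaining))
```

Note that 172.32.0.9 falls outside 172.16.0.0/12, so it stays in the "remaining" list; alerts from private sources that persist after the filter is in place point to an internal origin.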