RE: private IP scans

["McCammon, Keith" <Keith.McCammon () eadvancemed com>]

This is pretty standard, and could be any number of tools.  Nmap just
happens to be the usual suspect.  You could spend a ton of time trying
to figure out "who dun it?" but the better course of action would be to
filter these types of things at your border.  See
http://www.ietf.org/rfc/rfc2827.txt?number=2827 for some general
guidelines on ingress filters.  It will probably take about ten minutes
to craft some ACL's, and you shouldn't be seeing these any more (unless
you have a much larger problem on your hands).
 
Cheers
 
Keith
-----Original Message-----
From: White, Stacy [mailto:SWhite () catfish bbc peachnet edu]
Sent: Monday, April 08, 2002 3:31 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] private IP scans


Hey! I am new here so forgive me if I ask anything dumb right off the
bat.
 
I am getting a lot of scans against my network from private IP ranges.
Looks random, and the IP's are random as well.
I am assuming a stealth scan, maybe NMAP. Anyone else experiencing this,
or know what it is?
 
Stacy White
swhite () bainbridge edu
(please note the change in my email address)
 
Network Administrator
BAINBRIDGE COLLEGE
 
229-248-2576
229-243-6421 FAX
 
_______________________________
 
"The pursuit of truth and beauty is a sphere of activity in which we are
permitted to remain children all our lives." --  Albert Einstein