Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Portscans from China ?

From: "Tudor Panaitescu" <tpanaitescu () colorcon com>
Date: Sun, 14 Apr 2002 08:35:55 -0400


Hello Everyone,

I am getting daily hundreds of Portscans to port 80 TCP from hosts residing in
China, some of them are directed only to our web sitesin the DMZ, some are
targeting the entire DMZ network, trying to scan the hosts one by one. The
source addresses are not the same from one scan to another, they are always
different , they don't resolve with reverse lookup and they look like well
protected systems when trying to connect  to them on different ports (no
scanning in return though...). The portscan.log always shows INVALIDACK ***A*R*F
for these scans The alerts log shows only STEALTH [**]. The apache log files
show nothing but 408 (request time out) for these connections.

Is anbody else experiencing the same thing ? Does anybody have any idea what's
this all about ?

TIA,
Tudor




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: