Snort mailing list archives
Portscans from China ?
From: "Tudor Panaitescu" <tpanaitescu () colorcon com>
Date: Sun, 14 Apr 2002 08:35:55 -0400
Hello Everyone, I am getting daily hundreds of Portscans to port 80 TCP from hosts residing in China, some of them are directed only to our web sitesin the DMZ, some are targeting the entire DMZ network, trying to scan the hosts one by one. The source addresses are not the same from one scan to another, they are always different , they don't resolve with reverse lookup and they look like well protected systems when trying to connect to them on different ports (no scanning in return though...). The portscan.log always shows INVALIDACK ***A*R*F for these scans The alerts log shows only STEALTH [**]. The apache log files show nothing but 408 (request time out) for these connections. Is anbody else experiencing the same thing ? Does anybody have any idea what's this all about ? TIA, Tudor _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscans from China ? Tudor Panaitescu (Apr 14)
- RE: Portscans from China ? Mike Arrison (Apr 14)
- Re: Portscans from China ? Michael Scheidell (Apr 15)
- RE: Portscans from China ? Mike Arrison (Apr 14)