>       maybe nmap with the decoy option
> 
>   -Ddecoy_host1,decoy2,ME,decoy3[,...] Launch scans from decoy host

> > Sep 23 03:56:22 <> list 100 denied tcp 216.xx.xx.66(47850) ->
> > 203.xx.xx.201(23), 1 packet
> > Sep 23 03:56:23 <> list 100 denied tcp 216.xx.xx.66(47850) ->
> > 203.xx.xx.253(23), 1 packet
> > Sep 23 03:56:23 <> list 100 denied tcp 216.xx.xx.66(47850) ->
> > 203.xx.xx.254(23), 1 packet

Wouldn't that be `nmap -DME`?  ;-)

The source is always the same ("216.xx.xx.66"), but the
destination is all over the 203.xx.xx.0/24 subnet, always
going to port 23.  Someone's looking for telnet servers
and not being very stealthy.


~Patrick
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
