Never mind - I've done a bit of testing, and it appears that the IP number that is incrementing is a count of distinct events. I.e. if I do a test ping, let it sit a while, and do another test ping, I see the number increment.
I gotta get out more.

"Chuck" wrote in message news:[EMAIL PROTECTED]...
> I have a piece of equipment connected to the public internet for something
> I'm doing with a friend. It is protected by an access-list restricting the
> source address and the particular application.
>
> However, in monitoring the device, I am seeing what appear to be not only
> TCP port scans, but IP protocol scans. I.e. a series of inquiries using
> different successive IP protocol numbers.
>
> 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), d=12.246.161.19, totl
> 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), d=12.246.161.19 (Fast
> 17:43:26: datagramsize=70, IP 87: s=x.x.x.x (local), d=12.246.161.19 (Fast
> 17:43:32: datagramsize=48, IP 88: s=x.x.x.x (local), d=12.246.161.19, totlen
> 56,
> 17:56:30: datagramsize=48, IP 90: s=x.x.x.x (local), d=61.37.239.23, totle
> 17:56:36: datagramsize=48, IP 91: s=x.x.x.x (local), d=61.37.239.23, totle
> ( this output is showing the reply my device is sending to the IP's in
> question. )
>
> at least, I am assuming that the IP XX = the IP protocol number, as reported
> by the debug.
>
> Just wondering if one of you security gurus might shed some light here,
> seeing as how out of touch I seem to be. This one of the standard hacking
> procedures? Been around a while? new because so many entities are now doing
> a lot more to crack down on TCP port scanning?
>
> I checked the various registries. The behavior is coming from several
> places, some Thailand, some Korea, some from customers of ATT.net
>
> Just looking to increase my awareness.
>
> thanks.
>
> Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49359&t=49358

