Chuck wrote: > > never mind - I've done a bit of testing, and it appears that > the IP number > that is incrementing is a count of distinct events. I.e. if I > do a test > ping, let it sit a while, and do another test ping, I see the > number > increment. > > I gotta get out more.
LOL, Chuck. Good to know anyway. > > > > ""Chuck"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have a piece of equipment connected to the public internet > for something > > I'm doing with a friend. It is protected by an access-list > restricting the > > source address and the particular application. > > > > However, in monitoring the device, I am seeing what appear to > be not only > > TCP port scans, but IP protocol scans. I.e. a series of > inquiries using > > different successive IP protocol numbers. > > > > 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), > d=12.246.161.19, totl > > 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), > d=12.246.161.19 (Fast > > 17:43:26: datagramsize=70, IP 87: s=x.x.x.x (local), > d=12.246.161.19 (Fast > > 17:43:32: datagramsize=48, IP 88: s=x.x.x.x (local), > d=12.246.161.19, > totlen > > 56, > > 17:56:30: datagramsize=48, IP 90: s=x.x.x.x (local), > d=61.37.239.23, totle > > 17:56:36: datagramsize=48, IP 91: s=x.x.x.x (local), > d=61.37.239.23, totle > > ( this output is showing the reply my device is sending to > the IP's in > > question. ) > > > > at least, I am assuming that the IP XX = the IP protocol > number, as > reported > > by the debug. > > > > Just wondering if one of you security gurus might shed some > light here, > > seeing as how out of touch I seem to be. This one of the > standard hacking > > procedures? Been around a while? new because so many entities > are now > doing > > a lot more to crack down on TCP port scanning? > > > > I checked the various registries. The behavior is coming from > several > > places, some Thailand, some Korea, some from customers of > ATT.net > > > > Just looking to increase my awareness. > > > > thanks. > > > > Chuck > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49407&t=49358 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
