> Turns out that more people are getting into the scanning act. From > the last 20 hours or so (only new addresses):
> * There are a bunch of IP addresses in a block assigned to Kudelski > Security in Switzerland. These are just doing READVAR commands -- > [...]. Curiously enough, if you respond to the readvar command, they > send back an ICMP unreachable. > * Rapid7 has joined the scanning party (many addresses including > 71.6.216.62). They also have the strange ICMP unreachable behavior, > and they are also just doing READVAR commands. This sounds suspiciously like DoS source hiding. While the "many addresses" part argues against that, the ICMP unreachables argue for it. (At least, if they're port unreachables. Are they? Or are they net unreachables, host unreachables, what?) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
