On Thu, Dec 3, 2009 at 10:35 PM, Matthew Huff wrote:
> We are seeing a large number of tcp connection attempts to ports known to
> have security issues. The source addresses are spoofed from our address
> range. They are easy to block at our border router obviously, but the number
> and volume
On Thu, 3 Dec 2009 13:03:20 -0500
Matthew Huff wrote:
> I'm not at all concerned about door-knob twisting or network
> scanning. What concerns me is that the source addresses are spoofed
> from our address range and that our upstream providers aren't willing
> to even look at the problem.
>
But
: Re: port scanning from spoofed addresses
On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote:
> The source address appears to be fixed as well as the source port (),
> scanning different destinations and ports.
>
>
Some script kiddies found nmap and decided to target you for so
On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote:
> The source address appears to be fixed as well as the source port (),
> scanning different destinations and ports.
>
>
Some script kiddies found nmap and decided to target you for some reason. It
happens. It's annoying.
-Original Message-
From: Florian Weimer [mailto:fwei...@bfk.de]
Sent: Thursday, December 03, 2009 12:35 PM
To: Matthew Huff
Cc: (nanog@nanog.org)
Subject: Re: port scanning from spoofed addresses
* Matthew Huff:
> We are seeing a large number of tcp connection attempts to ports
> known t
> -Original Message-
> From: Matthew Huff [mailto:mh...@ox.com]
> Sent: Thursday, December 03, 2009 12:05 PM
>
> but the number and volume is a bit worrisome. Our upstream providers
> appear to be uninterested in tracing or blocking them. Is this the new
> normal?
Yes, it's the new norm..
* Matthew Huff:
> We are seeing a large number of tcp connection attempts to ports
> known to have security issues. The source addresses are spoofed from
> our address range. They are easy to block at our border router
> obviously, but the number and volume is a bit worrisome. Our
> upstream provi
7 matches
Mail list logo