Re: syn flood attacks from NL-based netblocks

2019-08-16 Thread Jim Shankland
On 8/16/19 3:50 PM, Emille Blanc wrote: Have been seeing these at $DAYJOB off and on for the past week. First logged events began on 2019-08-04, at approx 1500hrs PST. Impact for us has been negligible, but some older ASAs were having trouble with the scan volume and their configured log

RE: syn flood attacks from NL-based netblocks

2019-08-16 Thread Emille Blanc
Have been seeing these at $DAYJOB off and on for the past week. First logged events began on 2019-08-04, at approx 1500hrs PST. Impact for us has been negligible, but some older ASAs were having trouble with the scan volume and their configured log levels, which has since been remedied.

Re: syn flood attacks from NL-based netblocks

2019-08-16 Thread Troy Mursch
The traffic "from" 88.208.0.0/18, 5.11.80.0/21, and 78.140.128.0/18 doesn't match the packet signatures for Masscan, ZMap, or any other well-known scanner. The traffic is likely spoofed. __ *Troy Mursch* @bad_packets On Fri, Aug 16, 2019 at 3:28 PM Jared Smith wrote: > I would think

Re: syn flood attacks from NL-based netblocks

2019-08-16 Thread Jared Smith
I would think Shodan/Zmap/pick your multi-IP-block-scanning-tool would portray similar behavior. Echoing Matt’s “probably shouldn’t worry” sentiment, this could just be someone running an incantation of such tools for research or recreational purposes. Best, Jared On Aug 16, 2019, 18:21 -0400,

Re: syn flood attacks from NL-based netblocks

2019-08-16 Thread Matt Harris
On Fri, Aug 16, 2019 at 5:05 PM Jim Shankland wrote: > 1. Rate seems too slow to do any actual damage (is anybody really > bothered by a few bad SYN packets per second per service, at this > point?); but > Common technique used by port scanners to evade detection as a DoS attack by fw/ids/etc.

Re: syn flood attacks from NL-based netblocks

2019-08-16 Thread Curtis, Bruce
On Aug 16, 2019, at 5:04 PM, Jim Shankland <na...@shankland.org> wrote: Greetings, I'm seeing slow-motion (a few per second, per IP/port pair) syn flood attacks ostensibly originating from 3 NL-based IP blocks: 88.208.0.0/18, 5.11.80.0/21, and 78.140.128.0/18 ("ostensibly" because

syn flood attacks from NL-based netblocks

2019-08-16 Thread Jim Shankland
Greetings, I'm seeing slow-motion (a few per second, per IP/port pair) syn flood attacks ostensibly originating from 3 NL-based IP blocks: 88.208.0.0/18, 5.11.80.0/21, and 78.140.128.0/18 ("ostensibly" because ... syn flood, and BCP 38 not yet fully adopted). Why is this syn flood

Re: new BGP hijack & visibility tool “BGPalerter”

2019-08-16 Thread Christopher Morrow
On Fri, Aug 16, 2019 at 5:02 AM Robert Kisteleki wrote: > > Hi, > > On 2019-08-15 17:38, Christopher Morrow wrote: > > This looks like fun! > > (a few questions for the RIPE folk, I think though below) > > > > What is the expected load of streaming clients on the RIPE service? (I > > wonder

Re: User Unknown (WAS: really amazon?)

2019-08-16 Thread Sid
On Wed, Jul 31, 2019 at 5:29 PM Mark Andrews wrote: > Actually if ARIN doesn’t pull the resources, after notification and a grace > period to > get them fixed, then what is the point in writing policy requiring that they > be up to > date and working? There needs to be checks and balances for

Re: new BGP hijack & visibility tool “BGPalerter”

2019-08-16 Thread Robert Kisteleki
On 2019-08-16 14:13, Valdis Klētnieks wrote: > On Fri, 16 Aug 2019 11:02:41 +0200, Robert Kisteleki said: >> Hi, >> >> On 2019-08-15 17:38, Christopher Morrow wrote: >>> This looks like fun! >>> (a few questions for the RIPE folk, I think though below) >>> >>> What is the expected load of

Re: new BGP hijack & visibility tool “BGPalerter”

2019-08-16 Thread Valdis Klētnieks
On Fri, 16 Aug 2019 11:02:41 +0200, Robert Kisteleki said: > Hi, > > On 2019-08-15 17:38, Christopher Morrow wrote: > > This looks like fun! > > (a few questions for the RIPE folk, I think though below) > > > > What is the expected load of streaming clients on the RIPE service? (I > > wonder

Re: new BGP hijack & visibility tool “BGPalerter”

2019-08-16 Thread Robert Kisteleki
Hi, On 2019-08-15 17:38, Christopher Morrow wrote: > This looks like fun! > (a few questions for the RIPE folk, I think though below) > > What is the expected load of streaming clients on the RIPE service? (I > wonder because I was/am messing about with something similar, though > less node and