Yes.. I have been getting alot of the similar port scans... mostly from ip's
that come from China.. most of them doing the known stuff. ie.. 12345 etc..
-----Original Message-----
From: Troy Bell <[EMAIL PROTECTED]>
To: Howard Lowndes <[EMAIL PROTECTED]>
Cc: Mail List - SLUG <[EMAIL PROTECTED]>; Mail List - Oz-ISP
<[EMAIL PROTECTED]>
Date: Friday, 11 August 2000 9:02
Subject: [SLUG] Re: [Oz-ISP] ICMP 0 DoS attack
>Howard Lowndes wrote:
>> If anyone has noticed an ICMP type 0 DoS attack in the past day or so
>> could they please contact me off list.
>
>Nope...
>
>> I suffered one for exactly 5 hours yesterday, specifically targetted at
my
>> publicly accessible server. It flatlined my link, unfortunately I wasn't
>> in the office at the time so I didn't know about it until too late.
>
>What I have noticed, is a high amount of port 21 netblock scans (20 to 30
per day) (most likely for RedHat wu-ftpd) and port 12345 (Netbus, BO) scans
(40 to 50 per day over 2 subnets).
>
>The last time I saw this many scans per day, a short while after they
stopped, the DDoS's on Yahoo and Ebay sprouted.
>
><conspiracy theory>
>
>Makes one wonder if they are testing the water for an attack on us Aussies
>
></conspiracy theory>
>
>I know there's been alot of talk on this list about scans and probes and
when they occured and stuff, so it's probably not a good idea to revisit it
too much, but is anyone else noticing a high amount of these scans across
their own subnets?
>
>Kind regards,
>
>--
>Troy Bell [EMAIL PROTECTED]
>Systems Administrator +61 7 3620 1903
>Asia Online (Brisbane) http://www.asiaonline.net/
>
>Never argue with idiots - they'll bring you down to their
>level and then beat you with experience.
>
>
>--
>SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
>More Info: http://slug.org.au/lists/listinfo/slug
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
