On Thu, Dec 3, 2009 at 10:35 PM, Matthew Huff wrote:
> We are seeing a large number of tcp connection attempts to ports known to
> have security issues. The source addresses are spoofed from our address
> range. They are easy to block at our border router obviously, but the number
> and volume
On Thu, 3 Dec 2009 13:03:20 -0500
Matthew Huff wrote:
> I'm not at all concerned about door-knob twisting or network
> scanning. What concerns me is that the source addresses are spoofed
> from our address range and that our upstream providers aren't willing
> to even look at the problem.
>
But
: Re: port scanning from spoofed addresses
On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote:
> The source address appears to be fixed as well as the source port (),
> scanning different destinations and ports.
>
>
Some script kiddies found nmap and decided to target you for so
On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote:
> The source address appears to be fixed as well as the source port (),
> scanning different destinations and ports.
>
>
Some script kiddies found nmap and decided to target you for some reason. It
happens. It's annoying.
-Original Message-
From: Florian Weimer [mailto:fwei...@bfk.de]
Sent: Thursday, December 03, 2009 12:35 PM
To: Matthew Huff
Cc: (nanog@nanog.org)
Subject: Re: port scanning from spoofed addresses
* Matthew Huff:
> We are seeing a large number of tcp connection attempts to ports
> known t
> -Original Message-
> From: Matthew Huff [mailto:mh...@ox.com]
> Sent: Thursday, December 03, 2009 12:05 PM
>
> but the number and volume is a bit worrisome. Our upstream providers
> appear to be uninterested in tracing or blocking them. Is this the new
> normal?
Yes, it's the new norm..
* Matthew Huff:
> We are seeing a large number of tcp connection attempts to ports
> known to have security issues. The source addresses are spoofed from
> our address range. They are easy to block at our border router
> obviously, but the number and volume is a bit worrisome. Our
> upstream provi
We are seeing a large number of tcp connection attempts to ports known to have
security issues. The source addresses are spoofed from our address range. They
are easy to block at our border router obviously, but the number and volume is
a bit worrisome. Our upstream providers appear to be uninte
8 matches
Mail list logo