Re: port scanning from spoofed addresses

2009-12-04 Thread Suresh Ramasubramanian
On Thu, Dec 3, 2009 at 10:35 PM, Matthew Huff wrote: > We are seeing a large number of tcp connection attempts to ports known to > have security issues. The source addresses are spoofed from our address > range. They are easy to block at our border router obviously, but the number > and volume

Re: port scanning from spoofed addresses

2009-12-04 Thread Gregory Edigarov
On Thu, 3 Dec 2009 13:03:20 -0500 Matthew Huff wrote: > I'm not at all concerned about door-knob twisting or network > scanning. What concerns me is that the source addresses are spoofed > from our address range and that our upstream providers aren't willing > to even look at the problem. > But

RE: port scanning from spoofed addresses

2009-12-03 Thread Matthew Huff
: Re: port scanning from spoofed addresses On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote: > The source address appears to be fixed as well as the source port (), > scanning different destinations and ports. > > Some script kiddies found nmap and decided to target you for so

Re: port scanning from spoofed addresses

2009-12-03 Thread Charles Wyble
On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote: > The source address appears to be fixed as well as the source port (), > scanning different destinations and ports. > > Some script kiddies found nmap and decided to target you for some reason. It happens. It's annoying.

RE: port scanning from spoofed addresses

2009-12-03 Thread Matthew Huff
-Original Message- From: Florian Weimer [mailto:fwei...@bfk.de] Sent: Thursday, December 03, 2009 12:35 PM To: Matthew Huff Cc: (nanog@nanog.org) Subject: Re: port scanning from spoofed addresses * Matthew Huff: > We are seeing a large number of tcp connection attempts to ports > known t

RE: port scanning from spoofed addresses

2009-12-03 Thread Stefan Fouant
> -Original Message- > From: Matthew Huff [mailto:mh...@ox.com] > Sent: Thursday, December 03, 2009 12:05 PM > > but the number and volume is a bit worrisome. Our upstream providers > appear to be uninterested in tracing or blocking them. Is this the new > normal? Yes, it's the new norm..

Re: port scanning from spoofed addresses

2009-12-03 Thread Florian Weimer
* Matthew Huff: > We are seeing a large number of tcp connection attempts to ports > known to have security issues. The source addresses are spoofed from > our address range. They are easy to block at our border router > obviously, but the number and volume is a bit worrisome. Our > upstream provi

port scanning from spoofed addresses

2009-12-03 Thread Matthew Huff
We are seeing a large number of tcp connection attempts to ports known to have security issues. The source addresses are spoofed from our address range. They are easy to block at our border router obviously, but the number and volume is a bit worrisome. Our upstream providers appear to be uninte