Hi,
On 2019-08-15 17:38, Christopher Morrow wrote:
> This looks like fun!
> (a few questions for the RIPE folk, I think though below)
>
> What is the expected load of streaming clients on the RIPE service? (I
> wonder because I was/am messing about with something similar, though
> less node and j
On Fri, 16 Aug 2019 11:02:41 +0200, Robert Kisteleki said:
> Hi,
>
> On 2019-08-15 17:38, Christopher Morrow wrote:
> > This looks like fun!
> > (a few questions for the RIPE folk, I think though below)
> >
> > What is the expected load of streaming clients on the RIPE service? (I
> > wonder becaus
On 2019-08-16 14:13, Valdis Klētnieks wrote:
> On Fri, 16 Aug 2019 11:02:41 +0200, Robert Kisteleki said:
>> Hi,
>>
>> On 2019-08-15 17:38, Christopher Morrow wrote:
>>> This looks like fun!
>>> (a few questions for the RIPE folk, I think though below)
>>>
>>> What is the expected load of streami
On Wed, Jul 31, 2019 at 5:29 PM Mark Andrews wrote:
> Actually if ARIN doesn’t pull the resources, after notification and a grace
> period to
> get them fixed, then what is the point in writing policy requiring that they
> be up to
> date and working? There needs to be checks and balances for s
On Fri, Aug 16, 2019 at 5:02 AM Robert Kisteleki wrote:
>
> Hi,
>
> On 2019-08-15 17:38, Christopher Morrow wrote:
> > This looks like fun!
> > (a few questions for the RIPE folk, I think though below)
> >
> > What is the expected load of streaming clients on the RIPE service? (I
> > wonder becaus
Greetings,
I'm seeing slow-motion (a few per second, per IP/port pair) syn flood
attacks ostensibly originating from 3 NL-based IP blocks: 88.208.0.0/18
, 5.11.80.0/21, and 78.140.128.0/18 ("ostensibly" because ... syn flood,
and BCP 38 not yet fully adopted).
Why is this syn flood different
On Aug 16, 2019, at 5:04 PM, Jim Shankland
mailto:na...@shankland.org>> wrote:
Greetings,
I'm seeing slow-motion (a few per second, per IP/port pair) syn flood attacks
ostensibly originating from 3 NL-based IP blocks: 88.208.0.0/18 , 5.11.80.0/21,
and 78.140.128.0/18 ("ostensibly" because ..
On Fri, Aug 16, 2019 at 5:05 PM Jim Shankland wrote:
> 1. Rate seems too slow to do any actual damage (is anybody really
> bothered by a few bad SYN packets per second per service, at this
> point?); but
>
Common technique used by port scanners to evade detection as a DoS attack
by fw/ids/etc.
I would think Shodan/Zmap/pick your multi-IP-block-scanning-tool would portray
similar behavior.
Echoing Matt’s “probably shouldn’t worry” sentiment, this could just be someone
running an incantation of such tools for research or recreational purposes.
Best,
Jared
On Aug 16, 2019, 18:21 -0400,
The traffic "from" 88.208.0.0/18, 5.11.80.0/21, and 78.140.128.0/18 doesn't
match the packet signatures for Masscan, ZMap, or any other well-known
scanner. The traffic is likely spoofed.
__
*Troy Mursch*
@bad_packets
On Fri, Aug 16, 2019 at 3:28 PM Jared Smith wrote:
> I would think Shodan/Zm
Have been seeing these at $DAYJOB off and on for the past week.
First logged events began for on 2019-08-04, at approx 1500hrs PST.
Impact for us has been negligible, but some older ASA's were having trouble
with the scan volume and their configured log levels which has since been
remedied.
---
On 8/16/19 3:50 PM, Emille Blanc wrote:
Have been seeing these at $DAYJOB off and on for the past week.
First logged events began for on 2019-08-04, at approx 1500hrs PST.
Impact for us has been negligible, but some older ASA's were having trouble
with the scan volume and their configured log l
12 matches
Mail list logo
