[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

port scanning from spoofed addresses

Subject: port scanning from spoofed addresses
From: fweimer at bfk.de (Florian Weimer)
Date: Thu, 03 Dec 2009 17:35:14 +0000
In-reply-to: <[email protected]> (Matthew Huff's message of "Thu\, 3 Dec 2009 12\:05\:09 -0500")
References: <[email protected]>

* Matthew Huff:

> We are seeing a large number of tcp connection attempts to ports
> known to have security issues. The source addresses are spoofed from
> our address range. They are easy to block at our border router
> obviously, but the number and volume is a bit worrisome. Our
> upstream providers appear to be uninterested in tracing or blocking
> them. Is this the new normal? One of my concerns is that if others
> are seeing probe attempts, they will see them from these addresses
> and of course, contact us.

What's the distribution of the source addresses and source ports?

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstra?e 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

Follow-Ups:
- port scanning from spoofed addresses
  - From: mhuff at ox.com (Matthew Huff)

References:
- port scanning from spoofed addresses
  - From: mhuff at ox.com (Matthew Huff)

Prev by Date: Calling Comcast Postmaster or whomever actually is responsible for Comcast RBL maintenance
Next by Date: port scanning from spoofed addresses
Previous by thread: port scanning from spoofed addresses
Next by thread: port scanning from spoofed addresses
Index(es):
- Date
- Thread