Security Incidents mailing list archives
Re: Annoy Those Sub7 Scanners.
From: Computer Vegetable <CompuVeg () COLUMBUS RR COM>
Date: Thu, 31 Aug 2000 08:22:33 -0400
I've noticed something in my firewall logs 99% of the time when I get an obviously spoofed scan. (i.e., connection request from 10.x.x.x or 192.168.x.x, or the other range of non-internettable addresses) I almost always get a second scan attempt within milliseconds of the first connection request. I've assumed that this is someone spoofing their IP address in a very sloppy manner. Or perhaps the ISP sees the spoofer and sends identifying packets alongside the spoofed packets. Are either of these theories right? Thanks-- ---------------------------------------------------------------------------- - David Sentelle -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Talisker Sent: Wednesday, August 30, 2000 6:11 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Annoy Those Sub7 Scanners. First post was rejected :o( Tamer version As someone once told me, they are merely flies bouncing of a fly screen. They aren't going to get a connection, in most cases I suspect they are young kids who have installed a (free) personal firewall and are wondering what all these 27274 connection attempts are, a little research reveals an easy to use tool and hey-presto you are being scanned. SubSeven Servers don't appear to be widespread so they will give up after a few days. Retalliation will merely generate a challenge, and as it's school holidays at the moment, they probably have a lot more free time on their hands. Cautionary Note. Make sure that you are not vulnerable, scan your own addresses from time to time, keep your virus signatures bang up to date, and concentrate on the more elaborate/unknown connection attempts. By all means retain yo[just got a sub7 scan :o)]ur logs and if a particular source becomes a nuisance report them. just my 2 cents Andy www.networkintrusion.co.uk Listing all known commercial IDS ''' (0 0) ----oOO----(_)---------- | The geek shall | | Inherit the earth | -----------------oOO---- |__|__| || || ooO Ooo The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer.
Current thread:
- Re: Annoy Those Sub7 Scanners., (continued)
- Re: Annoy Those Sub7 Scanners. Greg A. Woods (Aug 28)
- Re: Annoy Those Sub7 Scanners. Snehal Dasari (Aug 28)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 28)
- Re: Annoy Those Sub7 Scanners. Forrester, Mike (Aug 28)
- Re: Annoy Those Sub7 Scanners. Pierre Vandevenne (Aug 28)
- Re: Annoy Those Sub7 Scanners. Frank Knobbe (Aug 30)
- Re: Annoy Those Sub7 Scanners. Talisker (Aug 31)
- Re: Annoy Those Sub7 Scanners. Computer Vegetable (Aug 31)
- Re: Annoy Those Sub7 Scanners. Talisker (Aug 31)
- Re: Annoy Those Sub7 Scanners. Robert G. Ferrell (Aug 30)
- Re: Annoy Those Sub7 Scanners. Bryan Andersen (Aug 31)
- Re: Annoy Those Sub7 Scanners. Bill Royds (Aug 31)
- Re: Annoy Those Sub7 Scanners. Forrester, Mike (Aug 31)