Security Incidents mailing list archives
Update: Scans From 192.168.0.134
From: "Douglas P. Brown" <Doug () UNC EDU>
Date: Thu, 1 Feb 2001 13:51:24 -0500
It turns out that we were not blocking the RFC 1918 addresses at one place were we should have had them filtered. This is going to be corrected - and that will allow us to further narrow this down. Thanks to all for the quick, thoughtful and thorough responses! Best Wishes, -DpB "Douglas P. Brown" wrote:
We are somewhat preplexed - Our IDS reported 8000+ SYN FIN scans from a non-routable address (192.168.0.134) to thousands of ours hosts yesterday. Our IDS setup is only seeing traffic that traverses our main router. Has anyone seen this before? Am I missing something? Any advice or direction you can offer would be greatly appreciated. Cheers, -DpB --
Current thread:
- Scans From 192.168.0.134 Douglas P. Brown (Feb 01)
- Re: Scans From 192.168.0.134 Alan Hannan (Feb 01)
- Re: Scans From 192.168.0.134 Jon O. (Feb 01)
- Re: Scans From 192.168.0.134 Daniel Martin (Feb 01)
- Update: Scans From 192.168.0.134 Douglas P. Brown (Feb 01)
- Re: Scans From 192.168.0.134 Russell Fulton (Feb 01)
- Re: Scans From 192.168.0.134 Daniel Martin (Feb 02)
- <Possible follow-ups>
- Re: Scans From 192.168.0.134 James Crooks (Feb 01)
- Re: Scans From 192.168.0.134 Alan Hannan (Feb 01)