Security Incidents mailing list archives
intensive scan
From: "docteurt () voila fr" <docteurt () VOILA FR>
Date: Tue, 23 Jan 2001 14:42:08 +0100
There is actually a blackhat who is scanning my firewall. I would like to know if someone here can identify what he is looking for. Here is the trace of his scans, from tcpdump:

10:20:46.784736 P <him>.3003 > <me>.56307: udp 8 (ttl 48, id 58711)
11:57:08.722110 P <him from another IP>.1144 > <me>.48010: udp 9 (ttl 117, id 33053)

The payloads of his packets are:

0xff 0xff 0xff 0xff details 0x00
or
0xff 0xff 0xff 0xff ping 0x00

Thanks in advance for any help