Security Incidents mailing list archives
RE: Spoofed scans
From: "Bojan Zdrnja" <Bojan.Zdrnja () FER hr>
Date: Mon, 7 Jan 2002 14:06:23 +0100
Only if machine is on their subnet, of course. Otherwise he'll get hardware address of his router. Can you get us more information about those packets ? I'm interested to see what kind of scanning they do. Regards, Bojan Zdrnja
-----Original Message----- From: James [mailto:jamesh () cybermesa com] Sent: 7. sijeèanj 2002 1:47 To: incidents () securityfocus com Subject: Re: Spoofed scans Capture the data link layer and get the hardware address. Perhaps this will indicate the true IP. "Ask the plants of the earth and they will teach you." Job 12:8 ----- Original Message ----- From: "Richard Arends" <richard () unixguru nl> To: <incidents () securityfocus com> Sent: Sunday, January 06, 2002 4:41 AM Subject: Spoofed scansHello, Last couple of weeks i'm getting more and more spoofed scans on my firewall. All scans are icmp or port 53 (domain). Mostly'they' first senda few icmp packets and then a scan for port 53 trying to doa reverselookup for my ip. Are there more seeing this type off scans and is there away to substractthe real scanner (ip) from the list ip's ??? Greetings, Richard. ---- An OS is like swiss cheese, the bigger it is, the moreholes you get!-------------------------------------------------------------- ------------ --This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com-------------------------------------------------------------- -------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Spoofed scans Richard Arends (Jan 06)
- Re: Spoofed scans James (Jan 06)
- RE: Spoofed scans Philip Wagenaar (Jan 07)
- Re: Spoofed scans James (Jan 07)
- Re: Spoofed scans Will Aoki (Jan 07)
- RE: Spoofed scans Bojan Zdrnja (Jan 07)
- RE: Spoofed scans Philip Wagenaar (Jan 07)
- Re: Spoofed scans Gideon Lenkey (Jan 07)
- Re: Spoofed scans Crist J. Clark (Jan 07)
- Re: Spoofed scans Richard Arends (Jan 07)
- RE: Spoofed scans Paul M. Tiedemann (Jan 08)
- Re: Spoofed scans Dave Ryan (Jan 08)
- RE: Spoofed scans Gideon Lenkey (Jan 08)
- <Possible follow-ups>
- RE: Spoofed scans Joshua Wright (Jan 09)
- RE: Spoofed scans Jose Nazario (Jan 09)
- Re: Spoofed scans James (Jan 06)