nanog mailing list archives
Re: DSL-IP Probes Curiousity..
From: Sean Donelan <sean () donelan com>
Date: Fri, 14 Mar 2003 00:30:53 -0500 (EST)
On Thu, 13 Mar 2003, McBurnett, Jim wrote:
I am just curious about this. I see a rather unusual # of SNMP queiries and port scans from DSL IP blocks in the US... How many of you really go after the script kiddies doing this? I know 1, 2 or even 3 a day is not a concern for me, but when I get 3 a day from the same source IP allocation, I start wondering...
I know people like to use sensational terms like "pre-attack reconnaissance" and "DOS attacks." There is a constant background hum on today's Internet, some of it is malicious, some of it is badly managed systems. Between automated web spiders, academics doing network discovery, automated worms, and badly designed "plug-n-play" software, your IDS system should be seeing stuff all the time. The Pentagon used to report amazing numbers for "network attacks," anything from a single ping up to a full scale network compromise, but I haven't found recent numbers for 2002 or later. FedCIRC put out these numbers for 2002. Count Type 125 Root compromise 111 User compromise 46 Web Site Defacement 488,000 Reconnaissance Activity 36 Denial of Service 265 Malicious Code 22 DNS Attack 39 Misuse of Resources 1,268 Unknown
Current thread:
- DSL-IP Probes Curiousity.. McBurnett, Jim (Mar 13)
- Re: DSL-IP Probes Curiousity.. Sean Donelan (Mar 13)
- Re: DSL-IP Probes Curiousity.. Scott Granados (Mar 13)
- Re: DSL-IP Probes Curiousity.. batz (Mar 13)
- <Possible follow-ups>
- Re: DSL-IP Probes Curiousity.. Mike Tancsa (Mar 13)
- RE: DSL-IP Probes Curiousity.. McBurnett, Jim (Mar 14)
- Re: DSL-IP Probes Curiousity.. Sean Donelan (Mar 13)