<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Incidents: Re: Scans From 192.168.0.134

Re: Scans From 192.168.0.134

From: Alan Hannan <alan_at_ROUTINGLOOP.COM>
Date: Thu, 1 Feb 2001 08:44:36 -0800

  NMAP allows one to send bogus source IP addresses along w/
  real prbes to obfuscate the source. Could it be that these
  scans are mated with other IP addresses?

-alan

Thus spake Douglas P. Brown (Doug_at_UNC.EDU)
on or about Thu, Feb 01, 2001 at 10:29:57AM -0500:
> We are somewhat preplexed - Our IDS reported 8000+ SYN FIN scans from a
> non-routable address (192.168.0.134) to thousands of ours hosts
> yesterday. Our IDS setup is only seeing traffic that traverses our main
> router. Has anyone seen this before? Am I missing something? Any
> advice or direction you can offer would be greatly appreciated.
>
> Cheers,
> -DpB
> --
>
> Douglas P. Brown
> University of North Carolina
> I.T. Security Consultant
> 105 Abernethy Hall
Received on Feb 01 2001

This message: [ Message body ]
Next message: Melissa: "Re: ICMP_TIME_EXCEEDED to network address?"
Previous message: Douglas P. Brown: "Scans From 192.168.0.134"
In reply to: Douglas P. Brown: "Scans From 192.168.0.134"
Next in thread: Jon O.: "Re: Scans From 192.168.0.134"
Reply: Jon O.: "Re: Scans From 192.168.0.134"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos