<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Incidents: Update: Scans From 192.168.0.134

Update: Scans From 192.168.0.134

From: Douglas P. Brown <Doug_at_UNC.EDU>
Date: Thu, 1 Feb 2001 13:51:24 -0500

It turns out that we were not blocking the RFC 1918 addresses at one place
were we should have had them filtered. This is going to be corrected - and
that will allow us to further narrow this down.

Thanks to all for the quick, thoughtful and thorough responses!

Best Wishes,
-DpB

"Douglas P. Brown" wrote:

> We are somewhat preplexed - Our IDS reported 8000+ SYN FIN scans from a
> non-routable address (192.168.0.134) to thousands of ours hosts
> yesterday. Our IDS setup is only seeing traffic that traverses our main
> router. Has anyone seen this before? Am I missing something? Any
> advice or direction you can offer would be greatly appreciated.
>
> Cheers,
> -DpB
> --
>
Received on Feb 01 2001

This message: [ Message body ]
Next message: James Crooks: "Re: Scans From 192.168.0.134"
Previous message: Daniel Martin: "Re: Scans From 192.168.0.134"
In reply to: Douglas P. Brown: "Scans From 192.168.0.134"
Next in thread: James Crooks: "Re: Scans From 192.168.0.134"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos