Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: BIND scan from Wanadoo.fr
From: "Baribault, Gary" <gary () baribault net>
Date: Fri, 16 Aug 2002 12:31:59 -0400
I have seen them scan for misconfigured TP servers all the time .. and I block that on all of my firewalls, I think we all know when they add a new subnet, we get scanned and add it to our list of Wanadoo .. but what I'm saying is that this is the first time I see them originate high port and scan the destination port 53 .. that is what is new. 

Gary B

At 10:42 AM 8/16/2002 -0500, WebMaster () rbfcu org wrote:


I think the better question is, "has anyone ever seen the scans STOP".

wanadoo.fr is notorious for allowing this kind of garbage...

Thanks,
Michael Sorbera
Webmaster
Randolph-Brooks Federal Credit Union

"Never approach a problem with preconceived notions...having a theory is
something different, but having a preconceived notion means that you're not
necessarily going to look for data...you're going to look for data that
supports your assumption."
Gary Baribault <gary () baribaul To: incidents () securityfocus com t.net> cc: Subject: BIND scan from Wanadoo.fr 08/15/2002 07:23 PM 








I am used to seeing those idiots scanning for FTP and I have them all
blocked in and out with out logged .. Recently I say a big jump in OUTPUT
REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
also recently noticed them scanning for HTTP. Anyone seen this as well?

Gary Baribault
gary () baribault net


----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]