|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Spoofed IP port scan?
From: Dave Chen (Dave_Chen
ACML.COM)Date: Tue Nov 14 2000 - 15:42:57 CST
- Next message: John Pettitt: "wuftpd (again)"
- Previous message: Florian Weimer: "Re: big increase in ftp scanning"
- Next in thread: Jose Nazario: "Re: Spoofed IP port scan?"
- Reply: Jose Nazario: "Re: Spoofed IP port scan?"
- Reply: Valdis Kletnieks: "Re: Spoofed IP port scan?"
- Reply: Russell Fulton: "Re: Spoofed IP port scan?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I notice an increase in scanning for sunrpc, telnet,
ftp, etc for a range of IPs (that include our hosts in that IP
range). I've notify the ISP of the source address. One ISP
stated that they could not find the corresponding activity in
their external router, indicating the IP could be spoofed.
Question: If the IP is spoofed, how can the hacker get
the port scan information? They either have to be on my up
stream ISP or the up stream of the source IP to the scan results,
right?
Dave Chen CISSP
- Next message: John Pettitt: "wuftpd (again)"
- Previous message: Florian Weimer: "Re: big increase in ftp scanning"
- Next in thread: Jose Nazario: "Re: Spoofed IP port scan?"
- Reply: Jose Nazario: "Re: Spoofed IP port scan?"
- Reply: Valdis Kletnieks: "Re: Spoofed IP port scan?"
- Reply: Russell Fulton: "Re: Spoofed IP port scan?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]