From: Gongya Yu [mailto:yudhcp-243-81.gongya.net]
> Hi, all:
> I keep getting port 22 scanning across the whole subnets. The
> source port is also 22. The source ips are 203.198.176.51 (HK),
> 211.239.122.12 (KR) and 202.185.203.66 (MY).

Welcome to the club! Not a day goes by that we don't see something
originating from HK/KR. And reflexive scans (same src and dst port) for ssh
is extremely popular.

> Any tools outside can be used to specify the source port when
> doing scanning ?

hping, among others...

> Anyone has got the same scanning ?
>

just this morning. ;-) same stimulus, different HK/KR IP.

>

- Jeff

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]