[119867] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

port scanning from spoofed addresses

daemon@ATHENA.MIT.EDU (Matthew Huff)
Thu Dec 3 12:06:23 2009

From: Matthew Huff <mhuff@ox.com>
To: " (nanog@nanog.org)" <nanog@nanog.org>
Date: Thu, 3 Dec 2009 12:05:09 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

We are seeing a large number of tcp connection attempts to ports known to h=
ave security issues. The source addresses are spoofed from our address rang=
e. They are easy to block at our border router obviously, but the number an=
d volume is a bit worrisome. Our upstream providers appear to be uninterest=
ed in tracing or blocking them. Is this the new normal? One of my concerns =
is that if others are seeing probe attempts, they will see them from these =
addresses and of course, contact us.

Any suggestions on what to do next? Or just ignore.

----
Matthew Huff=A0=A0=A0=A0=A0=A0 | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com=A0 | Phone: 914-460-4039
aim: matthewbhuff=A0 | Fax:=A0=A0 914-460-4139




home help back first fref pref prev next nref lref last post