[188592] in North American Network Operators' Group
Re: how to deal with port scan and brute force attack from AS 8075 ?
daemon@ATHENA.MIT.EDU (Brandon Vincent)
Thu Apr 7 09:41:08 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CAEiuvJCzSVuvL4ZzYpOzKiye7Efib1dNct+ToPMf7h6phA+8Qg@mail.gmail.com>
Date: Sun, 3 Apr 2016 20:54:01 -0700
From: Brandon Vincent <Brandon.Vincent@asu.edu>
To: DV <iamzam@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam@gmail.com> wrote:
> I have noticed this and especially the strange format of the packets with a
> SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr
>
> This may be $whoever trying to establish network performance/congestion via
> ECN or it could be something else like a fast scan technique or OS
> fingerprinting.

It's OS fingerprinting. Targeted attacks are far more productive. If
I'm trying to get into an organization, I'd much rather be interested
in Juniper ScreenOS than someone's personal *nix machine.

Brandon Vincent
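
Added example, not part of the original message: SYN with ECE and CWR set and ACK clear is what RFC 3168 defines as an ECN-setup SYN, so the flag combination discussed above is also sent by ordinary ECN-capable clients. The Python below decodes the TCP flags byte and separates sources that send such SYNs to many destination/port pairs from sources that look like a single client; the fan-out threshold, function names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits in byte 13 of the TCP header (RFC 793 plus RFC 3168 ECE/CWR).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def decode_flags(flag_byte):
    """Return the set of flag names set in a TCP flags byte."""
    return {name for name, bit in FLAG_BITS.items() if flag_byte & bit}

def is_ecn_setup_syn(flag_byte):
    """True for an RFC 3168 ECN-setup SYN: exactly SYN+ECE+CWR, ACK clear."""
    return decode_flags(flag_byte) == {"SYN", "ECE", "CWR"}

def summarize(packets, fanout_threshold=5):
    """Group ECN-setup SYNs by source and label wide fan-out as scan-like.

    fanout_threshold is an assumed tuning value, not taken from the thread.
    """
    targets = defaultdict(set)
    for src, dst, dport, flag_byte in packets:
        if is_ecn_setup_syn(flag_byte):
            targets[src].add((dst, dport))
    return {src: ("scan-like" if len(seen) >= fanout_threshold else "ecn-client")
            for src, seen in targets.items()}

# Constructed sample records using documentation address ranges:
# (source, destination, destination port, TCP flags byte)
SAMPLE = (
    [("198.51.100.7", "192.0.2.10", port, 0xC2)
     for port in (21, 22, 23, 80, 443, 3389)]      # one source, six ports
    + [("203.0.113.20", "192.0.2.10", 443, 0xC2),  # single ECN-capable client
       ("203.0.113.20", "192.0.2.10", 443, 0x10),  # its later ACK, ignored
       ("203.0.113.99", "192.0.2.10", 22, 0x02)]   # plain SYN, not ECN-setup
)

if __name__ == "__main__":
    for src, verdict in summarize(SAMPLE).items():
        print(src, verdict)
```
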