[188596] in North American Network Operators' Group
Re: how to deal with port scan and brute force attack from AS 8075 ?
daemon@ATHENA.MIT.EDU (Bacon Zombie)
Thu Apr 7 09:59:51 2016
In-Reply-To: <CAJm4239TbsiQTMaERHwfW1w9P+o89CkBtOXRSroCGqS8RqG9EA@mail.gmail.com>
Date: Thu, 7 Apr 2016 15:59:48 +0200
From: Bacon Zombie <baconzombie@gmail.com>
To: Brandon Vincent <Brandon.Vincent@asu.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
They should always just use Shodan.
https://www.shodan.io/explore
On 4 April 2016 at 05:54, Brandon Vincent <Brandon.Vincent@asu.edu> wrote:
> On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam@gmail.com> wrote:
>> I have noticed this and especially the strange format of the packets with a
>> SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr
>>
>> This may be $whoever trying to establish network performance/congestion via
>> ECN or it could be something else like a fast scan technique or OS
>> fingerprinting
>
> It's OS fingerprinting. Targeted attacks are far more productive. If
> I'm trying to get into an organization, I'd much rather be interested
> in Juniper ScreenOS than someone's personal *nix machine.
>
> Brandon Vincent
--
BaconZombie
55:55:44:44:4C:52:4C:52:42:41
LOAD "*",8,1
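
The SYN/ECE/CWR combination discussed in the quoted messages is the flag set RFC 3168 defines for an ECN-setup SYN. The following is an added example, not part of the original thread: it decodes the TCP flags byte and counts, per source, the distinct destination ports that received such a SYN, so one ECN-capable client can be told apart from a source sweeping many ports. The addresses, ports, helper names and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

# Flag bits in byte 13 of the TCP header (RFC 793, ECN bits from RFC 3168).
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}
MIN_TCP_HEADER = 20  # bytes, header without options

def tcp_flags(header: bytes) -> frozenset:
    """Return the names of the flags set in a raw TCP header."""
    if len(header) < MIN_TCP_HEADER:
        raise ValueError("truncated TCP header")
    return frozenset(name for bit, name in FLAG_BITS.items() if header[13] & bit)

def is_ecn_setup_syn(header: bytes) -> bool:
    """True only for SYN+ECE+CWR with no other flag (no ACK, RST, ...)."""
    return tcp_flags(header) == {"SYN", "ECE", "CWR"}

def ports_per_source(packets):
    """Map source address -> sorted distinct ports hit with an ECN-setup SYN."""
    seen = defaultdict(set)
    for src, header in packets:
        try:
            if is_ecn_setup_syn(header):
                seen[src].add(struct.unpack("!H", header[2:4])[0])
        except ValueError:
            continue  # skip truncated captures instead of aborting the run
    return {src: sorted(ports) for src, ports in seen.items()}

def make_header(sport: int, dport: int, flags: int) -> bytes:
    """Build a 20-byte TCP header for the constructed sample below."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

# Constructed sample: documentation addresses (RFC 5737), not real traffic.
SAMPLE = [
    ("192.0.2.10", make_header(40001, 22, 0xC2)),    # SYN+ECE+CWR
    ("192.0.2.10", make_header(40002, 23, 0xC2)),
    ("192.0.2.10", make_header(40003, 443, 0xC2)),
    ("198.51.100.7", make_header(51000, 443, 0xC2)),  # single ECN-capable client
    ("203.0.113.5", make_header(52000, 80, 0x02)),    # plain SYN, ignored
    ("203.0.113.5", make_header(52001, 80, 0xD2)),    # SYN+ACK+ECE+CWR, ignored
    ("203.0.113.9", b"\x00" * 8),                     # truncated capture
]

if __name__ == "__main__":
    for src, ports in ports_per_source(SAMPLE).items():
        print(f"{src}: {len(ports)} port(s) with SYN/ECE/CWR -> {ports}")
```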