[27713] in North American Network Operators' Group
Re: Network Probes
daemon@ATHENA.MIT.EDU (Matthew R. Potter)
Thu Mar 9 17:20:48 2000
Message-Id: <3.0.6.32.20000309171818.007d0cf0@access.atpco.com>
Date: Thu, 09 Mar 2000 17:18:18 -0500
To: "Scott McGrath" <s_mcgrath@bexair.com>, nanog@merit.edu
From: "Matthew R. Potter" <mpotter@atpco.com>
In-Reply-To: <38C80DF3.6194803E@bexair.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
>Hi,
>
>Has anyone else noticed probes against their network with a spoofed
>source address
>and Src (80) and Dst(2183)
Yes, all from Reserved(Private) IP's.. Over and over and over.. At two
minute intervals.
Mar 9 11:48:52 xxxxxxxx ipmon[23116]: 11:48:52.169293 xl1
@0:4 b 10.2.8.31,80 -> xxx.xxx.xxx.xxx,51419 PR tcp len 20 40 -AF
Mar 9 11:49:28 xxxxxxxx ipmon[23116]: 11:49:28.286393 xl1
@0:3 b 172.16.0.142,80 -> xxx.xxx.xxx.xxx,6736 PR tcp len 20 163 -AFP
begins again... in 2 minutes.. same IP's, Flags and ports.
M.
