[41422] in North American Network Operators' Group
Re: FTP Probes from Taiwan/China
daemon@ATHENA.MIT.EDU (mike harrison)
Sun Sep 9 13:01:37 2001
Date: Sun, 9 Sep 2001 12:59:48 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>
Cc: Gordon Ewasiuk <gewasiuk@gnmc.net>,
"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.21.0109091048510.10367-100000@staff.opaltelecom.net>
Message-ID: <Pine.LNX.4.10.10109091257240.31593-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> > Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from
> > certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and
> > 202/7. I'm logging over 7500 probes/hr right now. Is there a new
> > exploit out or something?
> >
> > Another network just surfaced: 210.82/15
I am getting lots of port 80'ish scans from those IP ranges,
and a few port 139, but I have not seen a port 21 (FTP) scan from anyone
in the last 30 minutes... while monitoring a /19 and a /20 locally.