[41427] in North American Network Operators' Group

Re: FTP Probes from Taiwan/China

daemon@ATHENA.MIT.EDU (Gordon Ewasiuk)
Sun Sep 9 15:38:45 2001

Date: Sun, 9 Sep 2001 15:35:14 -0400 (EDT)
From: Gordon Ewasiuk <gewasiuk@gnmc.net>
To: mike harrison <meuon@highertech.net>
Cc: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>,
	"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.10.10109091257240.31593-100000@home.highertech.net>
Message-ID: <Pine.GSO.4.33.0109091526110.7839-100000@enterprise.gnmc.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Today, mike harrison wrote:
>> > Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from
>> > certain IP blocks in Taiwan or China?  Specifically, 211/8, 61/8, and
>> > 202/7.  I'm logging over 7500 probes/hr right now.  Is there a new
>> > exploit out or something?
>> >
>> > Another network just surfaced:  210.82/15
>
>I am getting lots of port 80'ish scans from those IP ranges.
>and a few port 139, but I have not seen a port 21 (FTP) scan from anyone
>in the last 30 minutes... while monitoring a /19 and a /20 locally.

Apprec. the info.  Probes are falling off now.  25k in the last 6hrs
 (as of 1500hrs EST).

Not much in the grand scheme of things but more than I like.  A couple of
servers at this facility are being targeted - no sooner had I ACL'ed
one block when probes from a new block to the same targets surfaced.  In
any event, the target servers are offline pending a close inspection.

Thanks to all that responded,

-Gordon

--------------------------------------------------
Gordon Ewasiuk, Certifed Sun Fanatic,  Winstar VHC
The REAL office number is here----->  703.893.4901
Tired of BSODs, My Computer, and Code Red?
http://www.sun.com/solaris/binaries/
-------------------------------------------------


