[73952] in North American Network Operators' Group
Re: Very peculiar Telnet probing (possibly spoofed?)
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Thu Sep 9 01:54:18 2004
Date: Thu, 09 Sep 2004 11:24:44 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: Jeff Kell <jeff-kell@utc.edu>
Cc: Michael.Dillon@radianz.com, nanog@merit.edu,
General DShield Discussion List <list@lists.dshield.org>
In-Reply-To: <413FEEB8.2070603@utc.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Jeff Kell wrote:
> I'm getting attacks from:
>
> 159.226.x.x
> 202.x.x.x
> 203.x.x.x

These /8s are shared between a whole lot of different ISPs in different
countries.

Do the machines trying this typically look like botnets, or open proxies?

Do you notice any other traffic (malicious or otherwise) from these IPs
immediately before or after these telnet probes?

srs