Re: Off Topic - IP protocol scans [7:49358] posted 07/21/2002

never mind - I've done a bit of testing, and it appears that the IP number
that is incrementing is a count of distinct events. I.e. if I do a test
ping, let it sit a while, and do another test ping, I see the number

I gotta get out more.

"Chuck" wrote in message
> I have a piece of equipment connected to the public internet for something
> I'm doing with a friend. It is protected by an access-list restricting the
> source address and the particular application.
> However, in monitoring the device, I am seeing what appear to be not only
> TCP port scans, but IP protocol scans. I.e. a series of inquiries using
> different successive IP protocol numbers.
> 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), d=, totl
> 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), d= (Fast
> 17:43:26: datagramsize=70, IP 87: s=x.x.x.x (local), d= (Fast
> 17:43:32: datagramsize=48, IP 88: s=x.x.x.x (local), d=,
> 56,
> 17:56:30: datagramsize=48, IP 90: s=x.x.x.x (local), d=, totle
> 17:56:36: datagramsize=48, IP 91: s=x.x.x.x (local), d=, totle
> ( this output is showing the reply my device is sending to the IP's in
> question. )
> at least, I am assuming that the IP XX = the IP protocol number, as
> by the debug.
> Just wondering if one of you security gurus might shed some light here,
> seeing as how out of touch I seem to be. This one of the standard hacking
> procedures? Been around a while? new because so many entities are now
> a lot more to crack down on TCP port scanning?
> I checked the various registries. The behavior is coming from several
> places, some Thailand, some Korea, some from customers of
> Just looking to increase my awareness.
> thanks.
> Chuck
