Re: Off Topic - IP protocol scans [7:49358] posted 07/21/2002
- Subject: Re: Off Topic - IP protocol scans [7:49358]
- From: "Chuck" <chuck@xxxxxxxxxxxxx>
- Date: Sun, 21 Jul 2002 19:38:13 GMT
never mind - I've done a bit of testing, and it appears that the IP number
that is incrementing is a count of distinct events. I.e. if I do a test
ping, let it sit a while, and do another test ping, I see the number
I gotta get out more.
""Chuck"" wrote in message
> I have a piece of equipment connected to the public internet for something
> I'm doing with a friend. It is protected by an access-list restricting the
> source address and the particular application.
> However, in monitoring the device, I am seeing what appear to be not only
> TCP port scans, but IP protocol scans. I.e. a series of inquiries using
> different successive IP protocol numbers.
> 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), d=220.127.116.11, totl
> 17:43:26: datagramsize=48, IP 87: s=x.x.x.x (local), d=18.104.22.168 (Fast
> 17:43:26: datagramsize=70, IP 87: s=x.x.x.x (local), d=22.214.171.124 (Fast
> 17:43:32: datagramsize=48, IP 88: s=x.x.x.x (local), d=126.96.36.199,
> 17:56:30: datagramsize=48, IP 90: s=x.x.x.x (local), d=188.8.131.52, totle
> 17:56:36: datagramsize=48, IP 91: s=x.x.x.x (local), d=184.108.40.206, totle
> ( this output is showing the reply my device is sending to the IP's in
> question. )
> at least, I am assuming that the IP XX = the IP protocol number, as
> by the debug.
> Just wondering if one of you security gurus might shed some light here,
> seeing as how out of touch I seem to be. This one of the standard hacking
> procedures? Been around a while? new because so many entities are now
> a lot more to crack down on TCP port scanning?
> I checked the various registries. The behavior is coming from several
> places, some Thailand, some Korea, some from customers of ATT.net
> Just looking to increase my awareness.
Message Posted at:
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx