port scanning from spoofed addresses
Florian Weimer
fweimer at bfk.de
Thu Dec 3 17:35:14 UTC 2009
* Matthew Huff:
> We are seeing a large number of tcp connection attempts to ports
> known to have security issues. The source addresses are spoofed from
> our address range. They are easy to block at our border router
> obviously, but the number and volume is a bit worrisome. Our
> upstream providers appear to be uninterested in tracing or blocking
> them. Is this the new normal? One of my concerns is that if others
> are seeing probe attempts, they will see them from these addresses
> and of course, contact us.
What's the distribution of the source addresses and source ports?
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the NANOG
mailing list