Stopping ip range scans

haesu at haesu at
Mon Dec 29 13:48:25 UTC 2003

[.. SNIP ..]

> The problem is these are random scans, the traffic is going to ips that 
> are not used and never were. They're clearly a random sequential scans.

In this particular case, null-routing your aggregate is your friend. Or get a
sink hole and suck down all the !traffic to it. Please, it's the internet. Port
scans are nothing out of the ordinary.


James Jun (formerly Haesu)
TowardEX Technologies, Inc.
1740 Massachusetts Ave.
Boxborough, MA 01719
Consulting, IPv4 & IPv6 colocation, web hosting, network design & implementation  | james at
Cell: (978)394-2867      | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033       | AIM: GigabitEthernet0

More information about the NANOG mailing list