DSL-IP Probes Curiousity..
Mike Tancsa
mike at sentex.net
Fri Mar 14 05:53:13 UTC 2003
At 05:19 PM 3/13/2003 -0500, McBurnett, Jim wrote:
>Hello,
>I am just curious about this.
>I see a rather unusual # of SNMP queiries
>and port scans from DSL
>IP blocks in the US...
>
>How many of you really go after the script kiddies
>doing this?
>
>I know 1, 2 or even 3 a day is not a concern for me,
>but when I get 3 a day from the same source IP allocation,
>I start wondering...
There is so much of it, I liken it to Internet background radiation. In
fact, if I didnt see a constant stream of this (either by accident-- SNMP
auto discovery, or design-- lets find all the 'private' routers and
switches out there) I would be more worried as my network probably has been
blackholed!
In terms of reporting it, I usually do if its more than just some automated
probe and is a directed attack against a particular device and is causing
some grief or potential grief. But it would be a full time job evaluating
and responding to each and every scan/hack attempt as the volume is way too
high. I think something like dshield is going in the right direction.
Ultimately if these things are not reported and the people doing them
sanctioned somehow, it wont stop.
Also, its March Break in many parts of North America... More time to do
these sorts of things.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
More information about the NANOG
mailing list