Very peculiar Telnet probing (possibly spoofed?)
Suresh Ramasubramanian
suresh at outblaze.com
Thu Sep 9 05:54:44 UTC 2004
Jeff Kell wrote:
> I'm getting attacks from:
>
> 159.226.x.x
> 202.x.x.x
> 203.x.x.x
These /8s are shared between a whole lot of different ISPs in different
countries.
Do the machines trying this typically look like botnets, or open proxies?
Do you notice any other traffic (malicious or otherwise) from these IPs
immediately before or after these telnet probes?
srs
More information about the NANOG
mailing list