how to deal with port scan and brute force attack from AS 8075 ?

Brandon Vincent Brandon.Vincent at asu.edu
Mon Apr 4 03:54:01 UTC 2016


On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam at gmail.com> wrote:
> I have noticed this and especially the strange format of the packets with a
> SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr
>
> This may be $whoever trying to establish network performance/congestion via
> ECN or it could be something else like a fast scan technique or OS
> fingerprinting

It's OS fingerprinting. Targeted attacks are far more productive. If
I'm trying to get into an organization, I'd much rather be interested
in Juniper ScreenOS than someone's personal *nix machine.

Brandon Vincent



More information about the NANOG mailing list