[Dshield] RE: (Dshield) Reserved Addresses

Mrcorp mrcorp at yahoo.com
Sat Mar 9 13:55:13 GMT 2002


How does one perform a port scan using spoofed packets?

mrcorp

--- Jeff Miller <jrm.wa at verizon.net> wrote:
> No, not safe to say at all.  It's most likely a spoofed packet from a script
> kiddie.  He's just looking for open holes.  If this packet was caught by
> your firewall, then your firewall did its job.  If you see that address in
> your event log however, you should look into getting a firewall ASAP.
> 
> I would just ignore it, and be glad you're protected, though I fully
> understand the curiosity of wanting to know about what happened!
> 
> The 10.x.x.x source address should never have gotten to your ISP, and the
> fact that it did is not unusual.  It just means that the hacker's ISP is not
> filtering for valid source IPs like a responsible ISP should.  Take solace
> in the fact that hardly any ISPs are.  This is one of the major reasons why
> they should.
> 
> -----Original Message-----
> From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
> Toney, Mark
> Sent: Wednesday, March 06, 2002 1:55 PM
> To: "Dshield" ; "Keith Gainford"
> Subject: [Dshield] RE: (Dshield) Reserved Addresses
> 
> 
>      Port 137 UDP could be either TROJ_MSINIT.A (see
>      http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MSINIT.A)
>      or NETBIOS Name Service.
> 
>      Since it's coming from a 10.X.X.X address, would it be safe to assume
>      that Keith's ISP probably has a machine with that address that is
>      sending the queries?
> 
>      Mark
> 
> 
> ______________________________ Reply Separator
> _________________________________
> Subject: (Dshield) Reserved Addresses
> Author:  "Keith Gainford" <SMTP:keith.gainford at btopenworld.com> at BUFFALO
> Date:    3/6/2002 1:43 PM
> 
> 
> I received two Port 137 UDP attacks from addresses within the 10.x.x.x
> block. I am a home user and am not very knowledgeable about the reasons for
> Reserved Addresses. Is there any way of finding out where they have come
> from, and who if anyone to report this abuse to.
> 
> Keith G
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/list

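Jeff Miller's quoted reply notes that a 10.x.x.x source should never have crossed an ISP boundary. As an added example (not part of the original thread), this Python script flags such packets in perimeter firewall logs; the iptables-style key=value log layout, the interface name `eth0` for the Internet side, and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Source ranges that should never arrive from the Internet side of a firewall.
RESERVED = {
    "rfc1918": [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
    "link-local": [ipaddress.ip_network("169.254.0.0/16")],
}
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample log lines (assumed layout; eth0 = Internet side, eth1 = LAN).
SAMPLE_LOG = """\
Mar  6 13:41:02 fw kernel: DROP IN=eth0 SRC=10.44.7.19 DST=203.0.113.7 PROTO=UDP SPT=137 DPT=137
Mar  6 13:41:09 fw kernel: DROP IN=eth0 SRC=10.44.7.19 DST=203.0.113.7 PROTO=UDP SPT=137 DPT=137
Mar  6 13:42:30 fw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.7 PROTO=TCP SPT=4021 DPT=80
Mar  6 13:43:11 fw kernel: ACCEPT IN=eth1 SRC=192.168.1.20 DST=192.0.2.50 PROTO=UDP SPT=1029 DPT=53
Mar  6 13:44:00 fw kernel: DROP IN=eth0 SRC=not-an-ip DST=203.0.113.7 PROTO=UDP SPT=137 DPT=137
"""

def classify(src):
    """Return the reserved-range label for src, or None if routable or unparseable."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return None
    for label, nets in RESERVED.items():
        if any(addr in net for net in nets):
            return label
    return None

def reserved_sources(log_text, wan_if="eth0"):
    """Count (src, proto, dport, label) for reserved sources seen on the WAN interface."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("IN") != wan_if:
            continue  # private sources are expected on the inside interface
        label = classify(fields.get("SRC", ""))
        if label:
            hits[(fields["SRC"], fields.get("PROTO"), fields.get("DPT"), label)] += 1
    return hits

if __name__ == "__main__":
    for (src, proto, dport, label), count in reserved_sources(SAMPLE_LOG).items():
        print(f"{src} -> {proto}/{dport} x{count}: {label} source on WAN interface")
```

A hit on the WAN interface means the source address is spoofed or leaked from an upstream network that does not filter source addresses, so the address itself cannot be traced to an owner.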
