[Dshield] RE: (Dshield) Reserved Addresses

Jeff Miller jrm.wa at verizon.net
Sat Mar 9 17:01:51 GMT 2002


Using tools such as NMAP, which can insert the address of your choice.

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
Mrcorp
Sent: Saturday, March 09, 2002 5:55 AM
To: list at dshield.org
Subject: RE: [Dshield] RE: (Dshield) Reserved Addresses


how does one perform a port scan using spoofed packets?

mrcorp

--- Jeff Miller <jrm.wa at verizon.net> wrote:
> No, not safe to say at all.  It's most likely a spoofed packet from a
script
> kiddie.  He's just looking for open holes.  If this packet was caught by
> your firewall, then your firewall did it's job.  If you see that address
in
> your event log however, you should look into getting a firewall ASAP.
>
> I would just ignore it, and be glad you're protected, though I fully
> understand the curiosity of wanting to know about what happened!
>
> The 10.x.x.x source address should never have gotten to your ISP, and the
> fact that it did is not unusual.  It just means that the hacker's ISP is
not
> filtering for valid source IP's like a responsible ISP should.  Take
solace
> in the fact that hardly any ISP's are.  This is one of the major reasons
why
> they should.
>
> -----Original Message-----
> From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
> Toney, Mark
> Sent: Wednesday, March 06, 2002 1:55 PM
> To: "Dshield" ; "Keith Gainford"
> Subject: [Dshield] RE: (Dshield) Reserved Addresses
>
>
>      Port 137 UDP could be either TROJ_MSINIT.A (see
>
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MS
>      INIT.A) or NETBIOS Name Service.
>
>      Since it's coming from a 10.X.X.X address, would it be safe to assume
>      that Keith's ISP probably has a machine with that address that is
>      sending the queries?
>
>      Mark
>
>
> ______________________________ Reply Separator
> _________________________________
> Subject: (Dshield) Reserved Addresses
> Author:  "Keith Gainford" <SMTP:keith.gainford at btopenworld.com> at BUFFALO
> Date:    3/6/2002 1:43 PM
>
>
> I received two Port 137 UDP attacks from addresses within the 10.x.x.x
> block. I am a home user and am not very knowledgable about the reasons for
> Reserved Addresses. Is there any way of finding out where they have come
> from, and who if anyone to report this abuse to.
>
> Keith G
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/list
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/list
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/list


__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list