[Dshield] Weird scanning, weird ports, weird TCP flags..

Jon R. Kibler Jon.Kibler at aset.com
Fri Oct 24 19:35:59 GMT 2003

"Jon R. Kibler" wrote:
> We too have been seeing a lot of apparent scanning on 'strange' TCP and UDP ports (ports > 32k) and thought that it was backscatter. However, upon closer analysis, most of these garbage packets are coming from bogus IPs (private address space and ranges like: 0/8, 1/8, 126/8, etc.) and we are only seeing a few per port.
> The amount of the garbage traffic has grown in the past week or two from one or two a day ports per day (fairly constant for the past few years) to now we are seeing dozens or more a day. A few are from legit IPs and are probably backscatter -- but anyone have any ideas about the rest coming from bogus IPs?

Hate to reply to my own message, but this thread got a little off track (nothing wrong with that!), and I never got any feedback on my original question... specifically, the strange ports coming from bogus IPs... any thoughts?


Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list