[Dshield] Weird scanning, weird ports, weird TCP flags..

Jon R. Kibler Jon.Kibler at aset.com
Fri Oct 24 19:35:59 GMT 2003


"Jon R. Kibler" wrote:
> We too have been seeing a lot of apparent scanning on 'strange' TCP and UDP ports (ports > 32k) and thought that it was backscatter. However, upon closer analysis, most of these garbage packets are coming from bogus IPs (private address space and ranges like: 0/8, 1/8, 126/8, etc.) and we are only seeing a few per port.
> 
> The amount of the garbage traffic has grown in the past week or two from one or two a day ports per day (fairly constant for the past few years) to now we are seeing dozens or more a day. A few are from legit IPs and are probably backscatter -- but anyone have any ideas about the rest coming from bogus IPs?


Hate to reply to my own message, but this thread got a little off track (nothing wrong with that!), and I never got any feedback on my original question... specifically, the strange ports coming from bogus IPs... any thoughts?

Thanks!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list