[Dshield] Scanning from 127.0.0.1

Jon R. Kibler Jon.Kibler at aset.com
Fri Sep 26 00:35:04 GMT 2003


Its simple: The remote IP is spoofed.

As I said in my RANT on RBLs, if ISPs were to do even brain dead packet filtering, we wouldn't have this problem. 

To answer your semi-question directly: Clearly, your ISP is ***NOT*** repeat ***NOT*** doing their job properly. In fact, they are not even doing a half A-ed job!

Write the editor of your local paper and complain about how lame your ISP is and how they are leaving you wide open to attack from virtually untraceable sources.

"The squeaky wheels get the grease." 

I am convinced that they only way that this group is ever going to have a serious impact on network security (other than protecting our own rears) is if we complain long and loud to the local media about every serious security breech that would otherwise go unnoticed.

We all need to become VERY NOISY squeaky wheels!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA


Bruce & Roma wrote:
> 
> Good Evening List;
> 
> I have noticed some unusual scanning activity that was blocked by
> my personal firewall yesterday and today.
> 
> Details as follows:
> 
> 24/09/03 07:20:29 PM Inbound TCP to local port ="1092"  Remote Port="80"
> Remote IP="127.0.0.1" Action Prevented
> 
> 24/09/03 07:22:14 PM Inbound TCP to local port ="1307"  Remote Port="80"
> Remote IP="127.0.0.1" Action Prevented
> 
> 25/09/03 07:21:57 PM Inbound TCP to local port ="1680" Remote Port="80"
> Remote IP="127.0.0.1" Action Prevented
> 
> What I do not understand is how this was ever routed, especially if
> my ISP is doing it's job properly.
> 
> Since CvtWin filters these types of scans these were not reported in my
> daily  scan submission.
> 
> Has anyone else encountered something similar lately?  Although possibly
> just a coincidence,
> all instances I've encountered have been during the same time frame (just
> after 7:20PM), yesterday and today.
> 
> Thanks.
> 
> Bruce
>




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list