[Dshield] Scans occurring in large bursts
security at admin.fulgan.com
Wed Feb 11 18:22:49 GMT 2004
JRK> Normally, I would think that someone is either nmap-ing us or
JRK> running an open proxy testing program, except for the source IPs
JRK> differ for each probe.
My bet would be that someone is NMapping you using the -D (decoy)
option. In short, it's sending a large range of packets with dummy
source IPs (provided on the command line) in order to hide the one true
IP in the list: the attacker's.
That's, of course, only a possibility.
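One way to check firewall logs for the pattern this reply describes, as an added example that is not part of the original post: if every probed port is hit by the same group of source addresses within a short window, the burst is consistent with a decoy list, and the real scanner would be one member of that group. The log format (`epoch_seconds src_ip dst_ip dst_port`), the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: "epoch_seconds src_ip dst_ip dst_port" per line.
# Three sources hit each of four ports at the same instant; one unrelated probe.
SOURCES = ["198.51.100.7", "203.0.113.5", "203.0.113.99"]
SAMPLE_LOG = "\n".join(
    f"{1076523700 + i} {src} 192.0.2.10 {port}"
    for i, port in enumerate([22, 80, 443, 8080])
    for src in SOURCES
) + "\n1076523800 198.51.100.200 192.0.2.10 25\n"


def parse(log):
    """Yield (timestamp, src, dst, port) from the assumed log format."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield int(ts), src, dst, int(port)


def decoy_candidates(log, window=2, min_sources=3, min_ports=3):
    """Find groups of sources that probed the same ports in lockstep.

    Returns a list of (dst, sources, ports). The heuristic only narrows
    the scan down to a group; it cannot say which member is the real host.
    """
    probes = defaultdict(list)  # (dst, port) -> [(timestamp, src), ...]
    for ts, src, dst, port in parse(log):
        probes[(dst, port)].append((ts, src))

    groups = defaultdict(set)  # (dst, frozenset of sources) -> ports
    for (dst, port), hits in probes.items():
        times = [t for t, _ in hits]
        srcs = frozenset(s for _, s in hits)
        # Several distinct sources on one port within `window` seconds.
        if len(srcs) >= min_sources and max(times) - min(times) <= window:
            groups[(dst, srcs)].add(port)

    # Keep only source groups that recur unchanged across enough ports.
    return [
        (dst, sorted(srcs), sorted(ports))
        for (dst, srcs), ports in groups.items()
        if len(ports) >= min_ports
    ]


if __name__ == "__main__":
    for dst, srcs, ports in decoy_candidates(SAMPLE_LOG):
        print(f"{dst}: ports {ports} probed in lockstep by {srcs}")
```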