Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and 202/7. I'm logging over 7500 probes/hr right now. Is there a new exploit out or something? Another network just surfaced: 210.82/15 -Gordon -------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? http://www.sun.com/solaris/binaries/ -------------------------------------------------
Maybe I'm not getting attacked in the same way as you - perhaps its someone directing DoS at you or something? But I am seeing a massive increase in scans from lots of IPs and to lots of ports. Steve On Sun, 9 Sep 2001, Gordon Ewasiuk wrote:
Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and 202/7. I'm logging over 7500 probes/hr right now. Is there a new exploit out or something?
Another network just surfaced: 210.82/15
-Gordon
-------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? http://www.sun.com/solaris/binaries/ -------------------------------------------------
-- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and 202/7. I'm logging over 7500 probes/hr right now. Is there a new exploit out or something?
Another network just surfaced: 210.82/15
I am getting lots of port 80'ish scans from those IP ranges. and a few port 139, but I have not seen a port 21 (FTP) scan from anyone in the last 30 minutes... while monitoring a /19 and a /20 locally.
On Today, mike harrison wrote:
Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and 202/7. I'm logging over 7500 probes/hr right now. Is there a new exploit out or something?
Another network just surfaced: 210.82/15
I am getting lots of port 80'ish scans from those IP ranges. and a few port 139, but I have not seen a port 21 (FTP) scan from anyone in the last 30 minutes... while monitoring a /19 and a /20 locally.
Apprec. the info. Probes are falling off now. 25k in the last 6hrs (as of 1500hrs EST). Not much in the grand scheme of things but more then I like. A couple of servers at this facility are being targeted - no sooner had I ACL'ed one block when probes from a new block to the same targets surfaced. In any event, the target servers are offline pending a close inspection. Thanks to all that responded, -Gordon -------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? http://www.sun.com/solaris/binaries/ -------------------------------------------------
"FORMOSA"...from Jonathan Swift's "Gulliver!" Please see: "Two Babylons" Gordon Ewasiuk <gewasiuk@gnmc.net> wrote: On Today, mike harrison wrote:
Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and 202/7. I'm logging over 7500 probes/hr right now. Is there a new exploit out or something?
Another network just surfaced: 210.82/15
I am getting lots of port 80'ish scans from those IP ranges. and a few port 139, but I have not seen a port 21 (FTP) scan from anyone in the last 30 minutes... while monitoring a /19 and a /20 locally.
Apprec. the info. Probes are falling off now. 25k in the last 6hrs (as of 1500hrs EST). Not much in the grand scheme of things but more then I like. A couple of servers at this facility are being targeted - no sooner had I ACL'ed one block when probes from a new block to the same targets surfaced. In any event, the target servers are offline pending a close inspection. Thanks to all that responded, -Gordon -------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? http://www.sun.com/solaris/binaries/ ------------------------------------------------- Kysi Ferul redwingblakburdz@yahoo.com --------------------------------- Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger.
FORMOSA from Jonathan Swift's "Gulliver!" Please see: "Two Babylons" Gordon Ewasiuk <gewasiuk@gnmc.net> wrote: On Today, mike harrison wrote:
Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and 202/7. I'm logging over 7500 probes/hr right now. Is there a new exploit out or something?
Another network just surfaced: 210.82/15
I am getting lots of port 80'ish scans from those IP ranges. and a few port 139, but I have not seen a port 21 (FTP) scan from anyone in the last 30 minutes... while monitoring a /19 and a /20 locally.
Apprec. the info. Probes are falling off now. 25k in the last 6hrs (as of 1500hrs EST). Not much in the grand scheme of things but more then I like. A couple of servers at this facility are being targeted - no sooner had I ACL'ed one block when probes from a new block to the same targets surfaced. In any event, the target servers are offline pending a close inspection. Thanks to all that responded, -Gordon -------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? http://www.sun.com/solaris/binaries/ ------------------------------------------------- Kysi Ferul redwingblakburdz@yahoo.com --------------------------------- Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger.
participants (4)
-
Gordon Ewasiuk -
kysi ferul -
mike harrison -
Stephen J. Wilcox