multi-source port scan
- From: "Michael Jankowski" <skyjumpr@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 25 Jul 2001 23:28:03 -0500
Couldn't think of any other name for it. :) I'm currently monitoring
what appears to be a port scan originating from multiple sources.
Looking thru my Filter logs I see individual source IP's checking random
ports. Each source IP appears to check only one port. I haven't seen any
duplicate source IPs yet but I have seen duplicate ports. So far ISA has
blocked everyone of them. I've monitored the external and internal
traffic and so far nothing has gotten thru.
The scan has gone on for a little over 2 hours at this point. The
scan/attack hasn't appeared to affect performance. I'll comb thu the log
after a new log is started (around midnight) to see what I can find.
Michael
"Never attribute to malice that which can be adequately explained by
stupidity." Hanlon's Razor
Other related posts:
