[nsp-sec] coordinated telnet scan of 149.163.0.0
Smith, Donald
Donald.Smith at qwest.com
Tue Feb 12 12:24:10 EST 2008
If they are doing this "right" you won't see the scanners come back to
try bruteforcing.
Those will be low value throw away systems that will be easily detected
because of their rapid SYN scanning.
RM=for(1)
{manage_risk(identify_risk(product[i++]))}
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Greenberg, David A
> Sent: Monday, February 11, 2008 4:28 PM
> To: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] coordinated telnet scan of 149.163.0.0
>
> ----------- nsp-security Confidential --------
>
>
I agree. We'll probably only see more of this as time goes on. I just
wanted to post the list in case somebody noticed a connection.
Looks like just SYN scanning so far. They have not come back from the
IPs I checked...yet.
Thanks,
David
<SNIP>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list