
SANS ISC: "slow" half open tests (preparation for attacks?) SANS ISC InfoSec Forums

"slow" half open tests (preparation for attacks?)
Hi,
I'm seeing half-open probes from a lot of IPs on my IP as well as on an IP of a friend.
There are a few nets involved, but it is too slow for a DoS attack. Maybe somebody does some preparations?

We see activities from:
-A badboys -s 193.218.113.0/24 -j DROP
-A badboys -s 194.29.208.0/24 -j DROP
-A badboys -s 194.29.210.0/24 -j DROP
-A badboys -s 194.29.211.0/24 -j DROP
-A badboys -s 194.29.212.0/24 -j DROP
-A badboys -s 194.29.213.0/24 -j DROP
-A badboys -s 194.29.214.0/24 -j DROP
-A badboys -s 194.29.215.0/24 -j DROP
-A badboys -s 217.68.208.0/24 -j DROP
-A badboys -s 217.68.209.0/24 -j DROP
-A badboys -s 217.68.210.0/24 -j DROP
-A badboys -s 217.68.211.0/24 -j DROP
-A badboys -s 217.68.212.0/24 -j DROP
-A badboys -s 217.68.213.0/24 -j DROP
-A badboys -s 217.68.214.0/24 -j DROP
-A badboys -s 217.68.215.0/24 -j DROP
-A badboys -s 217.68.216.0/24 -j DROP
-A badboys -s 217.68.217.0/24 -j DROP
-A badboys -s 217.68.218.0/24 -j DROP
-A badboys -s 217.68.220.0/24 -j DROP
-A badboys -s 217.68.221.0/24 -j DROP
-A badboys -s 217.68.223.0/24 -j DROP
-A badboys -s 91.188.192.0/24 -j DROP
-A badboys -s 91.188.193.0/24 -j DROP
-A badboys -s 91.188.194.0/24 -j DROP
-A badboys -s 91.188.195.0/24 -j DROP

(sorry for the simple copy&paste)

Klaus
Anonymous
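
Added example, not part of the original post: one way to surface the pattern described above, where half-open attempts are too slow to trip a rate threshold but add up per /24 over a long window. The event format ("epoch src_ip:port SYN|ACK"), the thresholds and the function names are assumptions, and the sample lines are constructed using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (not from the post): "epoch_seconds src_ip:src_port flag".
# SYN = connection attempt seen; ACK = the client completed the handshake.
SAMPLE = """\
1000 192.0.2.7:40001 SYN
1200 198.51.100.5:51000 SYN
1201 198.51.100.5:51000 ACK
1900 192.0.2.22:40002 SYN
2800 192.0.2.90:40003 SYN
3000 203.0.113.9:33000 SYN
3700 192.0.2.140:40004 SYN
4000 198.51.100.5:51001 SYN
4001 198.51.100.5:51001 ACK
"""

def half_open_by_net(lines, prefix=24):
    """Return {network: sorted timestamps} of SYNs never followed by an ACK."""
    pending = {}  # (ip, port) -> timestamp of the unanswered SYN
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, endpoint, flag = line.split()
        ip, port = endpoint.rsplit(":", 1)
        if flag == "SYN":
            pending[(ip, int(port))] = int(ts)
        elif flag == "ACK":
            pending.pop((ip, int(port)), None)  # handshake completed
    nets = defaultdict(list)
    for (ip, _port), ts in pending.items():
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)].append(ts)
    return {net: sorted(stamps) for net, stamps in nets.items()}

def slow_probers(lines, min_count=3, max_per_minute=1.0, prefix=24):
    """Networks with several half-open attempts spread thinly over time."""
    flagged = {}
    for net, stamps in half_open_by_net(lines, prefix).items():
        if len(stamps) < min_count:
            continue  # a single stray SYN is not a pattern
        span_min = max((stamps[-1] - stamps[0]) / 60, 1)
        rate = len(stamps) / span_min
        if rate <= max_per_minute:  # too slow for a flood, still persistent
            flagged[net] = {"count": len(stamps), "per_minute": round(rate, 3)}
    return flagged

if __name__ == "__main__":
    print(slow_probers(SAMPLE))
```

Grouping by network rather than by single address matters here because each source address appears only once in the sample, as in a probe spread across a whole /24.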
