"slow" half open tests (preparation for attacks?)

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

"slow" half open tests (preparation for attacks?)
Hi, I'm seeing half open probes from a lot of ips on my IP as well as on an IP of a fried. There are a few nets involved, but it is too slow for a DoS Attack. Maybe somebody does some preparations? We see activities from: -A badboys -s 193.218.113.0/24 -j DROP -A badboys -s 194.29.208.0/24 -j DROP -A badboys -s 194.29.210.0/24 -j DROP -A badboys -s 194.29.211.0/24 -j DROP -A badboys -s 194.29.212.0/24 -j DROP -A badboys -s 194.29.213.0/24 -j DROP -A badboys -s 194.29.214.0/24 -j DROP -A badboys -s 194.29.215.0/24 -j DROP -A badboys -s 217.68.208.0/24 -j DROP -A badboys -s 217.68.209.0/24 -j DROP -A badboys -s 217.68.210.0/24 -j DROP -A badboys -s 217.68.211.0/24 -j DROP -A badboys -s 217.68.212.0/24 -j DROP -A badboys -s 217.68.213.0/24 -j DROP -A badboys -s 217.68.214.0/24 -j DROP -A badboys -s 217.68.215.0/24 -j DROP -A badboys -s 217.68.216.0/24 -j DROP -A badboys -s 217.68.217.0/24 -j DROP -A badboys -s 217.68.218.0/24 -j DROP -A badboys -s 217.68.220.0/24 -j DROP -A badboys -s 217.68.221.0/24 -j DROP -A badboys -s 217.68.223.0/24 -j DROP -A badboys -s 91.188.192.0/24 -j DROP -A badboys -s 91.188.193.0/24 -j DROP -A badboys -s 91.188.194.0/24 -j DROP -A badboys -s 91.188.195.0/24 -j DROP (sorry for the simple copy&paste) Klaus	Anonymous
thread locked Quote Subscribe	Oct 28th 2019 2 years ago