Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: "slow" half open tests (preparation for attacks?) SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
"slow" half open tests (preparation for attacks?)
Hi,
I'm seeing half open probes from a lot of ips on my IP as well as on an IP of a fried.
There are a few nets involved, but it is too slow for a DoS Attack. Maybe somebody does some preparations?

We see activities from:
-A badboys -s 193.218.113.0/24 -j DROP
-A badboys -s 194.29.208.0/24 -j DROP
-A badboys -s 194.29.210.0/24 -j DROP
-A badboys -s 194.29.211.0/24 -j DROP
-A badboys -s 194.29.212.0/24 -j DROP
-A badboys -s 194.29.213.0/24 -j DROP
-A badboys -s 194.29.214.0/24 -j DROP
-A badboys -s 194.29.215.0/24 -j DROP
-A badboys -s 217.68.208.0/24 -j DROP
-A badboys -s 217.68.209.0/24 -j DROP
-A badboys -s 217.68.210.0/24 -j DROP
-A badboys -s 217.68.211.0/24 -j DROP
-A badboys -s 217.68.212.0/24 -j DROP
-A badboys -s 217.68.213.0/24 -j DROP
-A badboys -s 217.68.214.0/24 -j DROP
-A badboys -s 217.68.215.0/24 -j DROP
-A badboys -s 217.68.216.0/24 -j DROP
-A badboys -s 217.68.217.0/24 -j DROP
-A badboys -s 217.68.218.0/24 -j DROP
-A badboys -s 217.68.220.0/24 -j DROP
-A badboys -s 217.68.221.0/24 -j DROP
-A badboys -s 217.68.223.0/24 -j DROP
-A badboys -s 91.188.192.0/24 -j DROP
-A badboys -s 91.188.193.0/24 -j DROP
-A badboys -s 91.188.194.0/24 -j DROP
-A badboys -s 91.188.195.0/24 -j DROP

(sorry for the simple copy&paste)

Klaus 		Anonymous

Quote Subscribe Oct 28th 2019
5 months ago

Sign Up for Free or Log In to start participating in the conversation!