How to detect invasions?
I.M.Walberg
imw at tiac.net
Fri Aug 29 23:19:36 EDT 2003
On Fri, 29 Aug 2003, Dave Gavin wrote:
> You may also find that it's some morons doing portscans or web attacks
> on your address - it's amazing how many systems are out there trying to
> spread virii. I get a couple of thousand hits on my firewall each day
> with a fairly static IP address and I used to see quite a bit of
> incoming nonsense on my dialup before I got a cable modem.
Dave,
Looks like your suggestion is right on the money. The traffic is being
generated by pings and DCE endpoint resolution scans (which DShield at
www.powersource.cx reports as the Most Scanned Port). I got 11 pings
and 16 scans in a single minute. That works out to over 23,000 DCE
scans a day. Fortunately the sends from my end are "Destination unreachable"
responses.
Thanks for the helping hand.
Ilane
More information about the Discuss
mailing list