TCP Null Scans
104 views
Skip to first unread message
Brad
Mar 26, 2013, 9:57:12 AM3/26/13
to iscds...@googlegroups.com
On March 20th, one of our IDS sensors started picking up some TCP null scans from many different addresses, which are still coming in. Two packets are sent from each address everytime. They aren't coming in fast at all, and there doesn't seem to be a set amount of time where they show up either. No other alerts have been triggered from the source IP addresses.
I've spot checked some of the source addresses (see below), and they're all over the board (other countries, state governments, universities, others). I'm just not sure what the point is or what the cause might be. This sensor has picked up null scans before, but I've never seen it persist over many days with so many different sources like this.
Anyone seeing something similar? I'm not sure what to make of it. Each packet is simply an IP header with the DF flag set, no options, no TCP flags or options and no payload.
| Alert Details | ||||||
| Time | Severity | Attack | Source IP | Source Port | Destination Port | Attack Count |
| Tue Mar 26 07:59:59 CDT 2013 | LOW | SCAN: NULL Probe | 124.223.213.184 | 48558 | 39981 | 1 |
| Tue Mar 26 07:59:54 CDT 2013 | LOW | SCAN: NULL Probe | 124.223.213.184 | 48558 | 39981 | 1 |
| Tue Mar 26 07:30:12 CDT 2013 | LOW | SCAN: NULL Probe | 64.5.142.89 | 24275 | 5614 | 1 |
| Tue Mar 26 07:30:06 CDT 2013 | LOW | SCAN: NULL Probe | 64.5.142.89 | 24275 | 5614 | 1 |
| Tue Mar 26 07:00:01 CDT 2013 | LOW | SCAN: NULL Probe | 170.9.63.152 | 34695 | 44461 | 1 |
| Tue Mar 26 06:59:56 CDT 2013 | LOW | SCAN: NULL Probe | 170.9.63.152 | 34695 | 44461 | 1 |
| Tue Mar 26 06:45:43 CDT 2013 | LOW | SCAN: NULL Probe | 83.239.3.79 | 24371 | 46078 | 1 |
| Tue Mar 26 06:45:38 CDT 2013 | LOW | SCAN: NULL Probe | 83.239.3.79 | 24371 | 46078 | 1 |
| Tue Mar 26 05:36:50 CDT 2013 | LOW | SCAN: NULL Probe | 29.140.83.246 | 9268 | 39106 | 1 |
| Tue Mar 26 05:36:45 CDT 2013 | LOW | SCAN: NULL Probe | 29.140.83.246 | 9268 | 39106 | 1 |
| Tue Mar 26 04:58:56 CDT 2013 | LOW | SCAN: NULL Probe | 194.147.68.211 | 42570 | 5385 | 1 |
| Tue Mar 26 04:58:51 CDT 2013 | LOW | SCAN: NULL Probe | 194.147.68.211 | 42570 | 5385 | 1 |
| Tue Mar 26 03:20:52 CDT 2013 | LOW | SCAN: NULL Probe | 102.121.179.181 | 11102 | 40843 | 1 |
| Tue Mar 26 03:20:44 CDT 2013 | LOW | SCAN: NULL Probe | 102.121.179.181 | 11102 | 40843 | 1 |
| Tue Mar 26 03:20:16 CDT 2013 | LOW | SCAN: NULL Probe | 90.94.147.39 | 55914 | 58459 | 1 |
| Tue Mar 26 03:20:11 CDT 2013 | LOW | SCAN: NULL Probe | 90.94.147.39 | 55914 | 58459 | 1 |
| Tue Mar 26 01:18:55 CDT 2013 | LOW | SCAN: NULL Probe | 158.104.64.69 | 57327 | 64937 | 1 |
| Tue Mar 26 01:18:50 CDT 2013 | LOW | SCAN: NULL Probe | 158.104.64.69 | 57327 | 64937 | 1 |
| Tue Mar 26 00:54:22 CDT 2013 | LOW | SCAN: NULL Probe | 187.91.208.78 | 18552 | 46969 | 1 |
| Tue Mar 26 00:54:17 CDT 2013 | LOW | SCAN: NULL Probe | 187.91.208.78 | 18552 | 46969 | 1 |
| Mon Mar 25 22:36:12 CDT 2013 | LOW | SCAN: NULL Probe | 85.178.46.114 | 33004 | 6233 | 1 |
| Mon Mar 25 22:36:07 CDT 2013 | LOW | SCAN: NULL Probe | 85.178.46.114 | 33004 | 6233 | 1 |
| Mon Mar 25 22:32:28 CDT 2013 | LOW | SCAN: NULL Probe | 38.11.36.184 | 16034 | 45833 | 1 |
| Mon Mar 25 22:32:22 CDT 2013 | LOW | SCAN: NULL Probe | 38.11.36.184 | 16034 | 45833 | 1 |
| Mon Mar 25 20:38:30 CDT 2013 | LOW | SCAN: NULL Probe | 162.189.150.39 | 33197 | 56924 | 1 |
| Mon Mar 25 20:38:25 CDT 2013 | LOW | SCAN: NULL Probe | 162.189.150.39 | 33197 | 56924 | 1 |
| Mon Mar 25 19:46:45 CDT 2013 | LOW | SCAN: NULL Probe | 134.80.195.165 | 55418 | 32031 | 1 |
| Mon Mar 25 19:46:40 CDT 2013 | LOW | SCAN: NULL Probe | 134.80.195.165 | 55418 | 32031 | 1 |
| Mon Mar 25 19:27:14 CDT 2013 | LOW | SCAN: NULL Probe | 212.5.114.249 | 8223 | 18 | 1 |
| Mon Mar 25 19:27:09 CDT 2013 | LOW | SCAN: NULL Probe | 212.5.114.249 | 8223 | 18 | 1 |
| Mon Mar 25 19:21:03 CDT 2013 | LOW | SCAN: NULL Probe | 75.14.99.165 | 52670 | 4246 | 1 |
| Mon Mar 25 19:20:58 CDT 2013 | LOW | SCAN: NULL Probe | 75.14.99.165 | 52670 | 4246 | 1 |
| Mon Mar 25 19:01:45 CDT 2013 | LOW | SCAN: NULL Probe | 213.214.251.186 | 56260 | 42927 | 1 |
| Mon Mar 25 19:01:39 CDT 2013 | LOW | SCAN: NULL Probe | 213.214.251.186 | 56260 | 42927 | 1 |
| Mon Mar 25 18:58:09 CDT 2013 | LOW | SCAN: NULL Probe | 128.178.187.246 | 35148 | 2199 | 1 |
| Mon Mar 25 18:58:04 CDT 2013 | LOW | SCAN: NULL Probe | 128.178.187.246 | 35148 | 2199 | 1 |
| Mon Mar 25 18:33:51 CDT 2013 | LOW | SCAN: NULL Probe | 161.61.70.26 | 56356 | 1172 | 1 |
| Mon Mar 25 18:33:46 CDT 2013 | LOW | SCAN: NULL Probe | 161.61.70.26 | 56356 | 1172 | 1 |
| Mon Mar 25 15:59:04 CDT 2013 | LOW | SCAN: NULL Probe | 98.95.71.178 | 55133 | 18739 | 1 |
| Mon Mar 25 15:58:56 CDT 2013 | LOW | SCAN: NULL Probe | 98.95.71.178 | 55133 | 18739 | 1 |
| Mon Mar 25 13:07:44 CDT 2013 | LOW | SCAN: NULL Probe | 156.223.51.38 | 32635 | 9653 | 1 |
| Mon Mar 25 13:07:39 CDT 2013 | LOW | SCAN: NULL Probe | 156.223.51.38 | 32635 | 9653 | 1 |
| Mon Mar 25 12:06:23 CDT 2013 | LOW | SCAN: NULL Probe | 44.19.31.73 | 5913 | 27856 | 1 |
| Mon Mar 25 12:06:18 CDT 2013 | LOW | SCAN: NULL Probe | 44.19.31.73 | 5913 | 27856 | 1 |
| Mon Mar 25 12:03:39 CDT 2013 | LOW | SCAN: NULL Probe | 207.231.142.175 | 58580 | 31691 | 1 |
| Mon Mar 25 12:03:34 CDT 2013 | LOW | SCAN: NULL Probe | 207.231.142.175 | 58580 | 31691 | 1 |
| Mon Mar 25 09:51:20 CDT 2013 | LOW | SCAN: NULL Probe | 198.84.38.188 | 50651 | 55894 | 1 |
| Mon Mar 25 09:51:15 CDT 2013 | LOW | SCAN: NULL Probe | 198.84.38.188 | 50651 | 55894 | 1 |
| Mon Mar 25 08:27:54 CDT 2013 | LOW | SCAN: NULL Probe | 89.91.210.68 | 43786 | 7382 | 1 |
| Mon Mar 25 08:27:49 CDT 2013 | LOW | SCAN: NULL Probe | 89.91.210.68 | 43786 | 7382 | 1 |
| Mon Mar 25 06:27:52 CDT 2013 | LOW | SCAN: NULL Probe | 121.171.203.22 | 24654 | 6301 | 1 |
| Mon Mar 25 06:27:47 CDT 2013 | LOW | SCAN: NULL Probe | 121.171.203.22 | 24654 | 6301 | 1 |
| Mon Mar 25 06:04:10 CDT 2013 | LOW | SCAN: NULL Probe | 178.54.94.8 | 62343 | 51373 | 1 |
| Mon Mar 25 06:04:05 CDT 2013 | LOW | SCAN: NULL Probe | 178.54.94.8 | 62343 | 51373 | 1 |
| Mon Mar 25 05:29:17 CDT 2013 | LOW | SCAN: NULL Probe | 108.176.175.48 | 56989 | 45415 | 1 |
| Mon Mar 25 05:29:12 CDT 2013 | LOW | SCAN: NULL Probe | 108.176.175.48 | 56989 | 45415 | 1 |
| Mon Mar 25 04:59:17 CDT 2013 | LOW | SCAN: NULL Probe | 38.226.195.185 | 63009 | 29291 | 1 |
| Mon Mar 25 04:59:12 CDT 2013 | LOW | SCAN: NULL Probe | 38.226.195.185 | 63009 | 29291 | 1 |
| Mon Mar 25 04:52:00 CDT 2013 | LOW | SCAN: NULL Probe | 172.151.201.181 | 65152 | 12136 | 1 |
| Mon Mar 25 04:51:53 CDT 2013 | LOW | SCAN: NULL Probe | 172.151.201.181 | 65152 | 12136 | 1 |
| Mon Mar 25 03:51:28 CDT 2013 | LOW | SCAN: NULL Probe | 205.21.142.123 | 12380 | 6349 | 1 |
| Mon Mar 25 03:51:28 CDT 2013 | LOW | SCAN: NULL Probe | 205.21.142.123 | 12380 | 6349 | 1 |
| Mon Mar 25 00:50:46 CDT 2013 | LOW | SCAN: NULL Probe | 33.75.187.174 | 30066 | 2779 | 1 |
| Mon Mar 25 00:50:40 CDT 2013 | LOW | SCAN: NULL Probe | 33.75.187.174 | 30066 | 2779 | 1 |
| Mon Mar 25 00:00:42 CDT 2013 | LOW | SCAN: NULL Probe | 202.145.214.129 | 26399 | 59727 | 1 |
| Mon Mar 25 00:00:37 CDT 2013 | LOW | SCAN: NULL Probe | 202.145.214.129 | 26399 | 59727 | 1 |
| Sun Mar 24 23:34:17 CDT 2013 | LOW | SCAN: NULL Probe | 126.250.117.174 | 18938 | 34626 | 1 |
| Sun Mar 24 23:34:11 CDT 2013 | LOW | SCAN: NULL Probe | 126.250.117.174 | 18938 | 34626 | 1 |
| Sun Mar 24 21:29:27 CDT 2013 | LOW | SCAN: NULL Probe | 128.183.1.54 | 24695 | 4748 | 1 |
| Sun Mar 24 21:29:20 CDT 2013 | LOW | SCAN: NULL Probe | 128.183.1.54 | 24695 | 4748 | 1 |
| Sun Mar 24 21:27:50 CDT 2013 | LOW | SCAN: NULL Probe | 108.135.164.169 | 8977 | 55815 | 1 |
| Sun Mar 24 21:27:45 CDT 2013 | LOW | SCAN: NULL Probe | 108.135.164.169 | 8977 | 55815 | 1 |
| Sun Mar 24 20:09:06 CDT 2013 | LOW | SCAN: NULL Probe | 199.69.109.136 | 41945 | 9496 | 1 |
| Sun Mar 24 20:09:01 CDT 2013 | LOW | SCAN: NULL Probe | 199.69.109.136 | 41945 | 9496 | 1 |
| Sun Mar 24 18:56:42 CDT 2013 | LOW | SCAN: NULL Probe | 139.211.203.252 | 5285 | 18464 | 1 |
| Sun Mar 24 18:56:36 CDT 2013 | LOW | SCAN: NULL Probe | 139.211.203.252 | 5285 | 18464 | 1 |
| Sun Mar 24 17:39:37 CDT 2013 | LOW | SCAN: NULL Probe | 184.247.39.82 | 8711 | 4588 | 1 |
| Sun Mar 24 17:39:31 CDT 2013 | LOW | SCAN: NULL Probe | 184.247.39.82 | 8711 | 4588 | 1 |
| Sun Mar 24 17:33:41 CDT 2013 | LOW | SCAN: NULL Probe | 86.253.161.88 | 5015 | 62824 | 1 |
| Sun Mar 24 17:33:36 CDT 2013 | LOW | SCAN: NULL Probe | 86.253.161.88 | 5015 | 62824 | 1 |
| Sun Mar 24 15:58:53 CDT 2013 | LOW | SCAN: NULL Probe | 50.38.177.16 | 25163 | 27754 | 1 |
| Sun Mar 24 15:58:48 CDT 2013 | LOW | SCAN: NULL Probe | 50.38.177.16 | 25163 | 27754 | 1 |
| Sun Mar 24 12:16:54 CDT 2013 | LOW | SCAN: NULL Probe | 141.110.107.31 | 12057 | 47575 | 1 |
| Sun Mar 24 12:16:48 CDT 2013 | LOW | SCAN: NULL Probe | 141.110.107.31 | 12057 | 47575 | 1 |
| Sun Mar 24 10:41:22 CDT 2013 | LOW | SCAN: NULL Probe | 63.127.6.48 | 60603 | 54661 | 1 |
| Sun Mar 24 10:41:16 CDT 2013 | LOW | SCAN: NULL Probe | 63.127.6.48 | 60603 | 54661 | 1 |
| Sun Mar 24 09:37:12 CDT 2013 | LOW | SCAN: NULL Probe | 42.161.251.54 | 23393 | 14962 | 1 |
| Sun Mar 24 09:37:07 CDT 2013 | LOW | SCAN: NULL Probe | 42.161.251.54 | 23393 | 14962 | 1 |
| Sun Mar 24 09:28:06 CDT 2013 | LOW | SCAN: NULL Probe | 158.166.223.186 | 56554 | 38051 | 1 |
| Sun Mar 24 09:28:01 CDT 2013 | LOW | SCAN: NULL Probe | 158.166.223.186 | 56554 | 38051 | 1 |
| Sun Mar 24 05:29:50 CDT 2013 | LOW | SCAN: NULL Probe | 215.108.161.69 | 11674 | 17213 | 1 |
| Sun Mar 24 05:29:45 CDT 2013 | LOW | SCAN: NULL Probe | 215.108.161.69 | 11674 | 17213 | 1 |
| Sun Mar 24 05:00:11 CDT 2013 | LOW | SCAN: NULL Probe | 79.128.132.139 | 49521 | 19532 | 1 |
| Sun Mar 24 05:00:06 CDT 2013 | LOW | SCAN: NULL Probe | 79.128.132.139 | 49521 | 19532 | 1 |
| Sun Mar 24 04:28:31 CDT 2013 | LOW | SCAN: NULL Probe | 110.205.85.220 | 16077 | 46047 | 1 |
| Sun Mar 24 04:28:26 CDT 2013 | LOW | SCAN: NULL Probe | 110.205.85.220 | 16077 | 46047 | 1 |
| Sun Mar 24 04:26:31 CDT 2013 | LOW | SCAN: NULL Probe | 97.208.56.246 | 64488 | 21076 | 1 |
| Sun Mar 24 04:26:26 CDT 2013 | LOW | SCAN: NULL Probe | 97.208.56.246 | 64488 | 21076 | 1 |
| Sun Mar 24 04:02:59 CDT 2013 | LOW | SCAN: NULL Probe | 139.155.45.88 | 41513 | 13875 | 1 |
| Sun Mar 24 04:02:59 CDT 2013 | LOW | SCAN: NULL Probe | 139.155.45.88 | 41513 | 13875 | 1 |
| Sun Mar 24 03:46:21 CDT 2013 | LOW | SCAN: NULL Probe | 118.102.252.123 | 23690 | 37253 | 1 |
| Sun Mar 24 03:46:16 CDT 2013 | LOW | SCAN: NULL Probe | 118.102.252.123 | 23690 | 37253 | 1 |
| Sun Mar 24 03:26:48 CDT 2013 | LOW | SCAN: NULL Probe | 223.171.230.240 | 54355 | 21143 | 1 |
| Sun Mar 24 03:26:43 CDT 2013 | LOW | SCAN: NULL Probe | 223.171.230.240 | 54355 | 21143 | 1 |
| Sun Mar 24 03:23:43 CDT 2013 | LOW | SCAN: NULL Probe | 119.245.118.46 | 44072 | 10020 | 1 |
| Sun Mar 24 03:23:38 CDT 2013 | LOW | SCAN: NULL Probe | 119.245.118.46 | 44072 | 10020 | 1 |
| Sun Mar 24 02:21:24 CDT 2013 | LOW | SCAN: NULL Probe | 47.95.224.161 | 4231 | 5877 | 1 |
| Sun Mar 24 02:21:18 CDT 2013 | LOW | SCAN: NULL Probe | 47.95.224.161 | 4231 | 5877 | 1 |
| Sun Mar 24 02:18:13 CDT 2013 | LOW | SCAN: NULL Probe | 101.237.57.160 | 12707 | 39397 | 1 |
| Sun Mar 24 02:18:04 CDT 2013 | LOW | SCAN: NULL Probe | 101.237.57.160 | 12707 | 39397 | 1 |
| Sun Mar 24 01:10:25 CDT 2013 | LOW | SCAN: NULL Probe | 167.147.98.4 | 59537 | 21339 | 1 |
| Sun Mar 24 01:10:19 CDT 2013 | LOW | SCAN: NULL Probe | 167.147.98.4 | 59537 | 21339 | 1 |
| Sun Mar 24 00:32:43 CDT 2013 | LOW | SCAN: NULL Probe | 213.204.129.23 | 41708 | 15243 | 1 |
| Sun Mar 24 00:32:38 CDT 2013 | LOW | SCAN: NULL Probe | 213.204.129.23 | 41708 | 15243 | 1 |
| Sun Mar 24 00:13:02 CDT 2013 | LOW | SCAN: NULL Probe | 93.27.166.229 | 33498 | 58678 | 1 |
| Sun Mar 24 00:13:02 CDT 2013 | LOW | SCAN: NULL Probe | 93.27.166.229 | 33498 | 58678 | 1 |
| Sat Mar 23 23:49:13 CDT 2013 | LOW | SCAN: NULL Probe | 45.249.192.254 | 50529 | 58084 | 1 |
| Sat Mar 23 23:49:08 CDT 2013 | LOW | SCAN: NULL Probe | 45.249.192.254 | 50529 | 58084 | 1 |
| Sat Mar 23 22:37:34 CDT 2013 | LOW | SCAN: NULL Probe | 33.134.232.37 | 60422 | 16129 | 1 |
| Sat Mar 23 22:37:29 CDT 2013 | LOW | SCAN: NULL Probe | 33.134.232.37 | 60422 | 16129 | 1 |
| Sat Mar 23 19:55:53 CDT 2013 | LOW | SCAN: NULL Probe | 94.196.35.208 | 46970 | 63500 | 1 |
| Sat Mar 23 19:55:48 CDT 2013 | LOW | SCAN: NULL Probe | 94.196.35.208 | 46970 | 63500 | 1 |
| Sat Mar 23 19:15:08 CDT 2013 | LOW | SCAN: NULL Probe | 14.9.185.206 | 15818 | 41607 | 1 |
| Sat Mar 23 19:15:03 CDT 2013 | LOW | SCAN: NULL Probe | 14.9.185.206 | 15818 | 41607 | 1 |
| Sat Mar 23 17:09:11 CDT 2013 | LOW | SCAN: NULL Probe | 185.13.209.198 | 50188 | 1763 | 1 |
| Sat Mar 23 17:09:05 CDT 2013 | LOW | SCAN: NULL Probe | 185.13.209.198 | 50188 | 1763 | 1 |
| Sat Mar 23 16:37:43 CDT 2013 | LOW | SCAN: NULL Probe | 101.146.165.59 | 18046 | 60239 | 1 |
| Sat Mar 23 16:37:37 CDT 2013 | LOW | SCAN: NULL Probe | 101.146.165.59 | 18046 | 60239 | 1 |
| Sat Mar 23 14:52:50 CDT 2013 | LOW | SCAN: NULL Probe | 110.8.129.243 | 42477 | 56436 | 1 |
| Sat Mar 23 14:52:45 CDT 2013 | LOW | SCAN: NULL Probe | 110.8.129.243 | 42477 | 56436 | 1 |
| Sat Mar 23 13:52:19 CDT 2013 | LOW | SCAN: NULL Probe | 48.237.22.242 | 21870 | 56348 | 1 |
| Sat Mar 23 13:52:14 CDT 2013 | LOW | SCAN: NULL Probe | 48.237.22.242 | 21870 | 56348 | 1 |
| Sat Mar 23 13:50:19 CDT 2013 | LOW | SCAN: NULL Probe | 70.131.191.106 | 1633 | 49483 | 1 |
| Sat Mar 23 13:50:14 CDT 2013 | LOW | SCAN: NULL Probe | 70.131.191.106 | 1633 | 49483 | 1 |
| Sat Mar 23 13:48:39 CDT 2013 | LOW | SCAN: NULL Probe | 10.242.232.82 | 20038 | 56332 | 1 |
| Sat Mar 23 13:48:34 CDT 2013 | LOW | SCAN: NULL Probe | 10.242.232.82 | 20038 | 56332 | 1 |
| Sat Mar 23 13:38:54 CDT 2013 | LOW | SCAN: NULL Probe | 179.31.226.213 | 53917 | 56163 | 1 |
| Sat Mar 23 13:38:49 CDT 2013 | LOW | SCAN: NULL Probe | 179.31.226.213 | 53917 | 56163 | 1 |
| Sat Mar 23 12:05:20 CDT 2013 | LOW | SCAN: NULL Probe | 155.67.166.41 | 26990 | 35948 | 1 |
| Sat Mar 23 12:05:20 CDT 2013 | LOW | SCAN: NULL Probe | 155.67.166.41 | 26990 | 35948 | 1 |
| Sat Mar 23 10:45:30 CDT 2013 | LOW | SCAN: NULL Probe | 196.71.16.88 | 31986 | 43609 | 1 |
| Sat Mar 23 10:45:25 CDT 2013 | LOW | SCAN: NULL Probe | 196.71.16.88 | 31986 | 43609 | 1 |
| Sat Mar 23 10:40:01 CDT 2013 | LOW | SCAN: NULL Probe | 74.186.177.142 | 24527 | 28351 | 1 |
| Sat Mar 23 10:39:56 CDT 2013 | LOW | SCAN: NULL Probe | 74.186.177.142 | 24527 | 28351 | 1 |
| Sat Mar 23 09:19:02 CDT 2013 | LOW | SCAN: NULL Probe | 161.159.229.182 | 54963 | 4325 | 1 |
| Sat Mar 23 09:18:57 CDT 2013 | LOW | SCAN: NULL Probe | 161.159.229.182 | 54963 | 4325 | 1 |
| Sat Mar 23 06:37:23 CDT 2013 | LOW | SCAN: NULL Probe | 137.74.66.142 | 6406 | 10803 | 1 |
| Sat Mar 23 06:37:18 CDT 2013 | LOW | SCAN: NULL Probe | 137.74.66.142 | 6406 | 10803 | 1 |
| Sat Mar 23 06:26:34 CDT 2013 | LOW | SCAN: NULL Probe | 66.166.140.142 | 25483 | 30490 | 1 |
| Sat Mar 23 06:26:27 CDT 2013 | LOW | SCAN: NULL Probe | 66.166.140.142 | 25483 | 30490 | 1 |
| Sat Mar 23 06:01:53 CDT 2013 | LOW | SCAN: NULL Probe | 48.73.145.70 | 16452 | 62881 | 1 |
| Sat Mar 23 06:01:48 CDT 2013 | LOW | SCAN: NULL Probe | 48.73.145.70 | 16452 | 62881 | 1 |
| Sat Mar 23 05:39:16 CDT 2013 | LOW | SCAN: NULL Probe | 109.10.30.112 | 43288 | 55952 | 1 |
| Sat Mar 23 05:39:11 CDT 2013 | LOW | SCAN: NULL Probe | 109.10.30.112 | 43288 | 55952 | 1 |
| Sat Mar 23 04:38:02 CDT 2013 | LOW | SCAN: NULL Probe | 46.129.13.187 | 37988 | 15658 | 1 |
| Sat Mar 23 04:37:57 CDT 2013 | LOW | SCAN: NULL Probe | 46.129.13.187 | 37988 | 15658 | 1 |
| Sat Mar 23 01:31:51 CDT 2013 | LOW | SCAN: NULL Probe | 218.164.182.46 | 91 | 48671 | 1 |
| Sat Mar 23 01:31:51 CDT 2013 | LOW | SCAN: NULL Probe | 218.164.182.46 | 91 | 48671 | 1 |
| Sat Mar 23 00:23:21 CDT 2013 | LOW | SCAN: NULL Probe | 152.150.97.213 | 56111 | 63007 | 1 |
| Sat Mar 23 00:23:21 CDT 2013 | LOW | SCAN: NULL Probe | 152.150.97.213 | 56111 | 63007 | 1 |
| Fri Mar 22 21:45:07 CDT 2013 | LOW | SCAN: NULL Probe | 202.154.80.142 | 38618 | 4795 | 1 |
| Fri Mar 22 21:45:02 CDT 2013 | LOW | SCAN: NULL Probe | 202.154.80.142 | 38618 | 4795 | 1 |
| Fri Mar 22 21:27:40 CDT 2013 | LOW | SCAN: NULL Probe | 217.107.142.113 | 33680 | 52255 | 1 |
| Fri Mar 22 21:27:35 CDT 2013 | LOW | SCAN: NULL Probe | 217.107.142.113 | 33680 | 52255 | 1 |
| Fri Mar 22 21:13:53 CDT 2013 | LOW | SCAN: NULL Probe | 135.13.127.55 | 21015 | 59305 | 1 |
| Fri Mar 22 21:13:48 CDT 2013 | LOW | SCAN: NULL Probe | 135.13.127.55 | 21015 | 59305 | 1 |
| Fri Mar 22 20:24:57 CDT 2013 | LOW | SCAN: NULL Probe | 57.233.184.156 | 51599 | 47999 | 1 |
| Fri Mar 22 20:24:57 CDT 2013 | LOW | SCAN: NULL Probe | 57.233.184.156 | 51599 | 47999 | 1 |
| Fri Mar 22 19:04:01 CDT 2013 | LOW | SCAN: NULL Probe | 27.21.194.136 | 4191 | 8471 | 1 |
| Fri Mar 22 19:03:56 CDT 2013 | LOW | SCAN: NULL Probe | 27.21.194.136 | 4191 | 8471 | 1 |
| Fri Mar 22 19:03:40 CDT 2013 | LOW | SCAN: NULL Probe | 35.96.91.196 | 6882 | 27631 | 1 |
| Fri Mar 22 19:03:33 CDT 2013 | LOW | SCAN: NULL Probe | 35.96.91.196 | 6882 | 27631 | 1 |
| Fri Mar 22 17:24:16 CDT 2013 | LOW | SCAN: NULL Probe | 153.167.215.165 | 43629 | 33638 | 1 |
| Fri Mar 22 17:24:10 CDT 2013 | LOW | SCAN: NULL Probe | 153.167.215.165 | 43629 | 33638 | 1 |
| Fri Mar 22 16:48:28 CDT 2013 | LOW | SCAN: NULL Probe | 182.146.56.54 | 63805 | 47866 | 1 |
| Fri Mar 22 16:48:23 CDT 2013 | LOW | SCAN: NULL Probe | 182.146.56.54 | 63805 | 47866 | 1 |
| Fri Mar 22 15:28:31 CDT 2013 | LOW | SCAN: NULL Probe | 156.67.127.241 | 37851 | 1299 | 1 |
| Fri Mar 22 15:28:26 CDT 2013 | LOW | SCAN: NULL Probe | 156.67.127.241 | 37851 | 1299 | 1 |
| Fri Mar 22 14:46:53 CDT 2013 | LOW | SCAN: NULL Probe | 74.116.224.33 | 12068 | 1214 | 1 |
| Fri Mar 22 14:46:47 CDT 2013 | LOW | SCAN: NULL Probe | 74.116.224.33 | 12068 | 1214 | 1 |
| Fri Mar 22 13:52:11 CDT 2013 | LOW | SCAN: NULL Probe | 58.28.189.233 | 24127 | 33957 | 1 |
| Fri Mar 22 13:52:06 CDT 2013 | LOW | SCAN: NULL Probe | 58.28.189.233 | 24127 | 33957 | 1 |
| Fri Mar 22 13:43:58 CDT 2013 | LOW | SCAN: NULL Probe | 15.13.17.92 | 6063 | 64419 | 1 |
| Fri Mar 22 13:43:53 CDT 2013 | LOW | SCAN: NULL Probe | 15.13.17.92 | 6063 | 64419 | 1 |
| Fri Mar 22 13:35:07 CDT 2013 | LOW | SCAN: NULL Probe | 37.246.20.1 | 6341 | 44194 | 1 |
| Fri Mar 22 13:35:02 CDT 2013 | LOW | SCAN: NULL Probe | 37.246.20.1 | 6341 | 44194 | 1 |
| Fri Mar 22 13:01:03 CDT 2013 | LOW | SCAN: NULL Probe | 134.241.37.33 | 42776 | 26030 | 1 |
| Fri Mar 22 13:00:57 CDT 2013 | LOW | SCAN: NULL Probe | 134.241.37.33 | 42776 | 26030 | 1 |
| Fri Mar 22 12:16:17 CDT 2013 | LOW | SCAN: NULL Probe | 187.165.196.161 | 10152 | 27715 | 1 |
| Fri Mar 22 12:16:11 CDT 2013 | LOW | SCAN: NULL Probe | 187.165.196.161 | 10152 | 27715 | 1 |
| Fri Mar 22 11:09:18 CDT 2013 | LOW | SCAN: NULL Probe | 78.130.4.152 | 34102 | 44339 | 1 |
| Fri Mar 22 11:09:13 CDT 2013 | LOW | SCAN: NULL Probe | 78.130.4.152 | 34102 | 44339 | 1 |
| Fri Mar 22 10:27:38 CDT 2013 | LOW | SCAN: NULL Probe | 85.124.150.43 | 41475 | 26061 | 1 |
| Fri Mar 22 10:27:33 CDT 2013 | LOW | SCAN: NULL Probe | 85.124.150.43 | 41475 | 26061 | 1 |
| Fri Mar 22 08:44:04 CDT 2013 | LOW | SCAN: NULL Probe | 143.178.239.135 | 37951 | 57792 | 1 |
| Fri Mar 22 08:43:59 CDT 2013 | LOW | SCAN: NULL Probe | 143.178.239.135 | 37951 | 57792 | 1 |
| Fri Mar 22 08:43:17 CDT 2013 | LOW | SCAN: NULL Probe | 142.184.17.54 | 36337 | 37785 | 1 |
| Fri Mar 22 08:43:10 CDT 2013 | LOW | SCAN: NULL Probe | 142.184.17.54 | 36337 | 37785 | 1 |
| Fri Mar 22 07:28:03 CDT 2013 | LOW | SCAN: NULL Probe | 221.90.107.254 | 45128 | 43961 | 1 |
| Fri Mar 22 07:27:58 CDT 2013 | LOW | SCAN: NULL Probe | 221.90.107.254 | 45128 | 43961 | 1 |
| Fri Mar 22 07:11:51 CDT 2013 | LOW | SCAN: NULL Probe | 58.106.0.75 | 55910 | 28375 | 1 |
| Fri Mar 22 07:11:44 CDT 2013 | LOW | SCAN: NULL Probe | 58.106.0.75 | 55910 | 28375 | 1 |
| Fri Mar 22 05:39:34 CDT 2013 | LOW | SCAN: NULL Probe | 130.132.247.61 | 39665 | 63748 | 1 |
| Fri Mar 22 05:39:29 CDT 2013 | LOW | SCAN: NULL Probe | 130.132.247.61 | 39665 | 63748 | 1 |
| Fri Mar 22 05:19:52 CDT 2013 | LOW | SCAN: NULL Probe | 82.79.13.73 | 34505 | 59837 | 1 |
| Fri Mar 22 05:19:44 CDT 2013 | LOW | SCAN: NULL Probe | 82.79.13.73 | 34505 | 59837 | 1 |
| Fri Mar 22 04:50:21 CDT 2013 | LOW | SCAN: NULL Probe | 3.181.117.148 | 63885 | 53617 | 1 |
| Fri Mar 22 04:50:14 CDT 2013 | LOW | SCAN: NULL Probe | 3.181.117.148 | 63885 | 53617 | 1 |
| Fri Mar 22 03:55:01 CDT 2013 | LOW | SCAN: NULL Probe | 82.132.21.233 | 40635 | 48979 | 1 |
| Fri Mar 22 03:55:01 CDT 2013 | LOW | SCAN: NULL Probe | 82.132.21.233 | 40635 | 48979 | 1 |
| Fri Mar 22 03:42:26 CDT 2013 | LOW | SCAN: NULL Probe | 112.129.176.69 | 44305 | 58760 | 1 |
| Fri Mar 22 03:42:21 CDT 2013 | LOW | SCAN: NULL Probe | 112.129.176.69 | 44305 | 58760 | 1 |
| Fri Mar 22 02:29:22 CDT 2013 | LOW | SCAN: NULL Probe | 94.221.90.19 | 53917 | 16560 | 1 |
| Fri Mar 22 02:29:16 CDT 2013 | LOW | SCAN: NULL Probe | 94.221.90.19 | 53917 | 16560 | 1 |
| Fri Mar 22 02:11:16 CDT 2013 | LOW | SCAN: NULL Probe | 27.52.174.198 | 6171 | 13832 | 1 |
| Fri Mar 22 02:11:11 CDT 2013 | LOW | SCAN: NULL Probe | 27.52.174.198 | 6171 | 13832 | 1 |
| Fri Mar 22 00:31:13 CDT 2013 | LOW | SCAN: NULL Probe | 197.96.127.214 | 5374 | 38130 | 1 |
| Fri Mar 22 00:31:13 CDT 2013 | LOW | SCAN: NULL Probe | 197.96.127.214 | 5374 | 38130 | 1 |
| Fri Mar 22 00:30:17 CDT 2013 | LOW | SCAN: NULL Probe | 125.240.189.227 | 32221 | 31939 | 1 |
| Fri Mar 22 00:30:11 CDT 2013 | LOW | SCAN: NULL Probe | 125.240.189.227 | 32221 | 31939 | 1 |
| Thu Mar 21 23:30:41 CDT 2013 | LOW | SCAN: NULL Probe | 152.21.206.30 | 33163 | 55009 | 1 |
| Thu Mar 21 23:30:35 CDT 2013 | LOW | SCAN: NULL Probe | 152.21.206.30 | 33163 | 55009 | 1 |
| Thu Mar 21 21:41:45 CDT 2013 | LOW | SCAN: NULL Probe | 190.218.51.1 | 15030 | 24879 | 1 |
| Thu Mar 21 21:41:40 CDT 2013 | LOW | SCAN: NULL Probe | 190.218.51.1 | 15030 | 24879 | 1 |
| Thu Mar 21 21:41:06 CDT 2013 | LOW | SCAN: NULL Probe | 40.253.76.217 | 63102 | 44396 | 1 |
| Thu Mar 21 21:41:01 CDT 2013 | LOW | SCAN: NULL Probe | 40.253.76.217 | 63102 | 44396 | 1 |
| Thu Mar 21 21:38:52 CDT 2013 | LOW | SCAN: NULL Probe | 174.232.5.163 | 13323 | 47263 | 1 |
| Thu Mar 21 21:38:52 CDT 2013 | LOW | SCAN: NULL Probe | 174.232.5.163 | 13323 | 47263 | 1 |
| Thu Mar 21 21:24:39 CDT 2013 | LOW | SCAN: NULL Probe | 5.190.39.80 | 51163 | 24768 | 1 |
| Thu Mar 21 21:24:34 CDT 2013 | LOW | SCAN: NULL Probe | 5.190.39.80 | 51163 | 24768 | 1 |
| Thu Mar 21 21:11:31 CDT 2013 | LOW | SCAN: NULL Probe | 206.77.104.61 | 33806 | 38730 | 1 |
| Thu Mar 21 21:11:26 CDT 2013 | LOW | SCAN: NULL Probe | 206.77.104.61 | 33806 | 38730 | 1 |
| Thu Mar 21 20:37:57 CDT 2013 | LOW | SCAN: NULL Probe | 94.62.129.25 | 53828 | 13599 | 1 |
| Thu Mar 21 20:37:52 CDT 2013 | LOW | SCAN: NULL Probe | 94.62.129.25 | 53828 | 13599 | 1 |
| Thu Mar 21 15:08:28 CDT 2013 | LOW | SCAN: NULL Probe | 45.97.241.153 | 49632 | 32006 | 1 |
| Thu Mar 21 15:08:22 CDT 2013 | LOW | SCAN: NULL Probe | 45.97.241.153 | 49632 | 32006 | 1 |
| Thu Mar 21 13:24:56 CDT 2013 | LOW | SCAN: NULL Probe | 64.40.211.214 | 31875 | 11234 | 1 |
| Thu Mar 21 13:24:51 CDT 2013 | LOW | SCAN: NULL Probe | 64.40.211.214 | 31875 | 11234 | 1 |
| Thu Mar 21 12:56:50 CDT 2013 | LOW | SCAN: NULL Probe | 64.61.153.187 | 13918 | 59397 | 1 |
| Thu Mar 21 12:56:45 CDT 2013 | LOW | SCAN: NULL Probe | 64.61.153.187 | 13918 | 59397 | 1 |
| Thu Mar 21 12:15:28 CDT 2013 | LOW | SCAN: NULL Probe | 152.181.192.231 | 29272 | 49713 | 1 |
| Thu Mar 21 12:15:23 CDT 2013 | LOW | SCAN: NULL Probe | 152.181.192.231 | 29272 | 49713 | 1 |
| Thu Mar 21 12:14:43 CDT 2013 | LOW | SCAN: NULL Probe | 202.195.34.242 | 31530 | 11131 | 1 |
| Thu Mar 21 12:14:38 CDT 2013 | LOW | SCAN: NULL Probe | 202.195.34.242 | 31530 | 11131 | 1 |
| Thu Mar 21 11:51:19 CDT 2013 | LOW | SCAN: NULL Probe | 152.69.92.153 | 18231 | 12103 | 1 |
| Thu Mar 21 11:51:14 CDT 2013 | LOW | SCAN: NULL Probe | 152.69.92.153 | 18231 | 12103 | 1 |
| Thu Mar 21 11:43:51 CDT 2013 | LOW | SCAN: NULL Probe | 42.132.125.76 | 46454 | 2475 | 1 |
| Thu Mar 21 11:43:43 CDT 2013 | LOW | SCAN: NULL Probe | 42.132.125.76 | 46454 | 2475 | 1 |
| Thu Mar 21 11:43:08 CDT 2013 | LOW | SCAN: NULL Probe | 116.147.2.189 | 23298 | 26531 | 1 |
| Thu Mar 21 11:43:03 CDT 2013 | LOW | SCAN: NULL Probe | 116.147.2.189 | 23298 | 26531 | 1 |
| Thu Mar 21 07:52:55 CDT 2013 | LOW | SCAN: NULL Probe | 34.64.4.8 | 39510 | 5242 | 1 |
| Thu Mar 21 07:52:50 CDT 2013 | LOW | SCAN: NULL Probe | 34.64.4.8 | 39510 | 5242 | 1 |
| Thu Mar 21 04:37:42 CDT 2013 | LOW | SCAN: NULL Probe | 66.122.172.233 | 24877 | 19129 | 1 |
| Thu Mar 21 04:37:35 CDT 2013 | LOW | SCAN: NULL Probe | 66.122.172.233 | 24877 | 19129 | 1 |
| Thu Mar 21 04:26:48 CDT 2013 | LOW | SCAN: NULL Probe | 11.73.112.178 | 57868 | 56980 | 1 |
| Thu Mar 21 04:26:48 CDT 2013 | LOW | SCAN: NULL Probe | 11.73.112.178 | 57868 | 56980 | 1 |
| Thu Mar 21 04:13:15 CDT 2013 | LOW | SCAN: NULL Probe | 74.49.63.236 | 5459 | 21710 | 1 |
| Thu Mar 21 04:13:08 CDT 2013 | LOW | SCAN: NULL Probe | 74.49.63.236 | 5459 | 21710 | 1 |
| Thu Mar 21 02:17:17 CDT 2013 | LOW | SCAN: NULL Probe | 156.236.230.243 | 54518 | 48786 | 1 |
| Thu Mar 21 02:17:12 CDT 2013 | LOW | SCAN: NULL Probe | 156.236.230.243 | 54518 | 48786 | 1 |
| Thu Mar 21 01:27:28 CDT 2013 | LOW | SCAN: NULL Probe | 80.194.240.91 | 39047 | 44814 | 1 |
| Thu Mar 21 01:27:28 CDT 2013 | LOW | SCAN: NULL Probe | 80.194.240.91 | 39047 | 44814 | 1 |
| Thu Mar 21 01:01:38 CDT 2013 | LOW | SCAN: NULL Probe | 4.163.237.249 | 62703 | 28314 | 1 |
| Thu Mar 21 01:01:32 CDT 2013 | LOW | SCAN: NULL Probe | 4.163.237.249 | 62703 | 28314 | 1 |
| Thu Mar 21 00:07:40 CDT 2013 | LOW | SCAN: NULL Probe | 26.96.120.192 | 13377 | 45124 | 1 |
| Thu Mar 21 00:07:35 CDT 2013 | LOW | SCAN: NULL Probe | 26.96.120.192 | 13377 | 45124 | 1 |
| Wed Mar 20 22:05:20 CDT 2013 | LOW | SCAN: NULL Probe | 17.107.25.194 | 64713 | 22675 | 1 |
| Wed Mar 20 22:05:14 CDT 2013 | LOW | SCAN: NULL Probe | 17.107.25.194 | 64713 | 22675 | 1 |
| Wed Mar 20 21:28:58 CDT 2013 | LOW | SCAN: NULL Probe | 143.28.104.39 | 10443 | 50630 | 1 |
| Wed Mar 20 21:28:52 CDT 2013 | LOW | SCAN: NULL Probe | 143.28.104.39 | 10443 | 50630 | 1 |
| Wed Mar 20 21:15:42 CDT 2013 | LOW | SCAN: NULL Probe | 58.26.67.24 | 50662 | 13585 | 1 |
| Wed Mar 20 21:15:37 CDT 2013 | LOW | SCAN: NULL Probe | 58.26.67.24 | 50662 | 13585 | 1 |
| Wed Mar 20 20:56:15 CDT 2013 | LOW | SCAN: NULL Probe | 201.51.231.75 | 49561 | 40734 | 1 |
| Wed Mar 20 20:56:15 CDT 2013 | LOW | SCAN: NULL Probe | 201.51.231.75 | 49561 | 40734 | 1 |
| Wed Mar 20 20:10:43 CDT 2013 | LOW | SCAN: NULL Probe | 74.14.5.159 | 37088 | 63493 | 1 |
| Wed Mar 20 20:10:37 CDT 2013 | LOW | SCAN: NULL Probe | 74.14.5.159 | 37088 | 63493 | 1 |
| Wed Mar 20 13:50:49 CDT 2013 | LOW | SCAN: NULL Probe | 160.99.95.194 | 24694 | 34912 | 1 |
| Wed Mar 20 13:50:44 CDT 2013 | LOW | SCAN: NULL Probe | 160.99.95.194 | 24694 | 34912 | 1 |
| Wed Mar 20 13:25:50 CDT 2013 | LOW | SCAN: NULL Probe | 163.87.237.165 | 34625 | 36549 | 1 |
| Wed Mar 20 13:25:45 CDT 2013 | LOW | SCAN: NULL Probe | 163.87.237.165 | 34625 | 36549 | 1 |
| Wed Mar 20 13:00:41 CDT 2013 | LOW | SCAN: NULL Probe | 179.56.36.122 | 33297 | 24977 | 1 |
| Wed Mar 20 13:00:36 CDT 2013 | LOW | SCAN: NULL Probe | 179.56.36.122 | 33297 | 24977 | 1 |
| Wed Mar 20 10:44:14 CDT 2013 | LOW | SCAN: NULL Probe | 196.173.109.9 | 17946 | 44165 | 1 |
| Wed Mar 20 10:44:09 CDT 2013 | LOW | SCAN: NULL Probe | 196.173.109.9 | 17946 | 44165 | 1 |
Kerns, Jim
Mar 26, 2013, 10:36:49 AM3/26/13
to iscds...@googlegroups.com
I am getting almost the exact same thing, but mine are single hits per IP, seems to have started about a week ago... They are hitting a wide range of our public IP addresses, not just a single address, the vast majority of these are not even used at this point. I am in the same boat as you, not sure what to make of it.... Almost seems like some sort of "staging" for something else maybe?
Anyone else care to speculate?
Jim Kerns
Spencer Community
Schools
23 East 7th St
23 East 7th St
--
--
Need IPv6 Training? See http://www.ipv6securitytraining.com . IPv6 Security Training
To unsubscribe from this group, send email to
iscdshield+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/iscdshield?hl=en
---
You received this message because you are subscribed to the Google Groups "SANS Internet Storm Center / DShield" group.
To unsubscribe from this group and stop receiving emails from it, send an email to iscdshield+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
William Smith Jr
Mar 26, 2013, 10:48:55 AM3/26/13
to iscds...@googlegroups.com
We began seeing similar activity on our IPS starting around 11:30 EST on 3/21. Like yourself, source IP's are all over the board. The event rate was significant enough that I had to turn off notifications (we are still blocking hits on the applicable filter). I turned notifications back on temporarily this morning and we're still getting hits so they are back off again. Subsequent discussion on a list I'm subscribed to referenced this link below as a likely source. However, the activity in question supposedly concluded last October. If that's indeed the case, it appears it's started up again
--
Brad
Mar 26, 2013, 3:15:14 PM3/26/13
to iscds...@googlegroups.com
I didn't specify, but it is hitting against the range of our public IPs as well. Staging for something else is what my initial thoughts were as well
P.S. Very cool to see you're from Spencer. I grew up in NW Iowa and have a good friend from Spencer.
Brad
Mar 26, 2013, 3:20:17 PM3/26/13
to iscds...@googlegroups.com
Bill, thanks for the article, very interesting read. Something like that could definitely explain this, but I wouldn't think they'd use null scans to try to map the internet as too many firewalls/IPS would block the packets.
Phillip Smith
Mar 26, 2013, 7:14:54 PM3/26/13
to iscds...@googlegroups.com
On 27 March 2013 00:57, Brad <brad.b...@gmail.com> wrote:
Anyone seeing something similar? I'm not sure what to make of it. Each packet is simply an IP header with the DF flag set, no options, no TCP flags or options and no payload.
I'm certainly seeing much more than normal; we only have a /29 of public address space but I've still seen 80 blocks in the last 72 hours or so. Total last week was 85 so seems to be increasing too. Same again as far as a variety of sources, and destinations across our /29.
The only difference I can see is that none of mine have DF set.
HAREN BHATT
Mar 26, 2013, 2:37:14 PM3/26/13
to iscds...@googlegroups.com
All might be aware of the below link... just in case some one has missed it.
--
Haren
|
Haren Bhatt | |
Head- SOC | |
"We Have A Culture Of Security."
NOTICE: This communication is meant only for
the addressee(s) named above and may contain information which is and/or
legally privileged. If you are not the named addressee(s), or the agent
responsible for receiving and delivering this communication to the named
addressee(s), this communication has been sent to you in error, please notify
the sender and delete all copies. If so, kindly contact us immediately for
retrieval purposes. Unauthorized dissemination, distribution, copying or
reliance on this communication is prohibited and may attract criminal
penalties.
For privacy reasons all the addressee(s) may be hidden.
Kovach, Mike A. - Compliance Specialist
Mar 27, 2013, 10:14:35 AM3/27/13
to iscds...@googlegroups.com
Has anyone seen this article?
Web slows under biggest attack ever
-----------------------------------------------------------------
Florida has a very broad Public Records Law. Virtually all
written communications to or from State and Local Officials and
employees are public records available to the public and media
upon request. JEA does not differentiate between personal and
business e-mails. E-mail sent on the JEA system will be
considered public and will only be withheld from disclosure if
deemed confidential pursuant to State Law. Under Florida law, e-
mail addresses are public records. If you do not want your e-
mail address released in response to a public-records request,
do not send electronic mail to this entity. Instead, contact JEA
by phone or in writing.
Florida has a very broad Public Records Law. Virtually all
written communications to or from State and Local Officials and
employees are public records available to the public and media
upon request. JEA does not differentiate between personal and
business e-mails. E-mail sent on the JEA system will be
considered public and will only be withheld from disclosure if
deemed confidential pursuant to State Law. Under Florida law, e-
mail addresses are public records. If you do not want your e-
mail address released in response to a public-records request,
do not send electronic mail to this entity. Instead, contact JEA
by phone or in writing.
Johannes B. Ullrich Ph.D.
Mar 27, 2013, 9:22:51 PM3/27/13
to iscds...@googlegroups.com
>
>
> Web slows under biggest attack ever
> http://www.telegraph.co.uk/technology/internet-security/9957063/Web-slows-under-biggest-attack-ever.html
>
The attack against Spamhaus is pretty massive (400GBps?!). However, I don't think it really effects the overall Internet performance at this point. Maybe in some corners of the Internet with pretty large numbers of badly configured DNS servers that are used as reflectors. In some cases, DSL modems run DNS servers that are abused for example.
>
> Web slows under biggest attack ever
> http://www.telegraph.co.uk/technology/internet-security/9957063/Web-slows-under-biggest-attack-ever.html
>
Back to the TCP NULL scans: No idea why someone would use TCP NULL scans on a large scale. I looked at our DShield database, and don't see a defined trend (will post the results in a bit), but many firewalls don't report flags, so the data is somewhat noisy.
--
Register today for SANSFIRE 2013, June 14-23, in Washington DC. Hear from SANS Internet Storm Center handlers from around the world; choose from 30+ courses plus bonus sessions, vendor expo, and a hands-on NetWars challenge! http://www.sans.org/info/125257
Johannes B. Ullrich, Ph.D., GIAC GCIA & GWEB, SANS Technology Institute, (757) 726 7528, twitter: johullrich; http://isc.sans.edu
Johannes B. Ullrich Ph.D.
Mar 27, 2013, 10:19:49 PM3/27/13
to iscds...@googlegroups.com
Actually. There may be something in the data. It is pretty noisy. I am attaching a PNG of the data plot (not sure if google groups will allow this)
James McKernan (jmckerna)
Mar 28, 2013, 12:30:33 AM3/28/13
to iscds...@googlegroups.com
Payload in a TCP null scan? Can someone sniff this and provide packet level data over a short interval? I'm curious.
James McKernan
Sr. Security Architect - Cisco
From: "Johannes B. Ullrich Ph.D." <jull...@sans.edu>
Reply-To: <iscds...@googlegroups.com>
Date: Wednesday, March 27, 2013 6:19 PM
To: <iscds...@googlegroups.com>
Subject: Re: [dshield] TCP Null Scans
Reply-To: <iscds...@googlegroups.com>
Date: Wednesday, March 27, 2013 6:19 PM
To: <iscds...@googlegroups.com>
Subject: Re: [dshield] TCP Null Scans
Kerns, Jim
Mar 28, 2013, 9:27:00 AM3/28/13
to iscds...@googlegroups.com
Well..... I have not seen any since 10:30 last night... Cannot capture what is not there... I will monitor today and see if they start back up...
Jim Kerns
Spencer Community
Schools
23 East 7th St
23 East 7th St
On Thu, Mar 28, 2013 at 6:50 AM, Kerns, Jim <jke...@spencerschools.org> wrote:
Today should be quiet on our network, (everyone is off for a long weekend), I will capture some data when I get in right away.....
Kerns, Jim
Mar 28, 2013, 7:50:00 AM3/28/13
to iscds...@googlegroups.com
Today should be quiet on our network, (everyone is off for a long weekend), I will capture some data when I get in right away.....
On Mar 28, 2013 2:45 AM, "James McKernan (jmckerna)" <jmck...@cisco.com> wrote:
Reply all
Reply to author
Forward
Message has been deleted
0 new messages