Hosting Provided By

Re: Ip spoof from 0.0.0.0

From: Mike Maxwell <mmaxwell(at)gmavt.net>
Date: Tue Nov 05 2002 - 11:54:27 EST

We have also been seeing this activity for several days now. It is all directed to port 445. I assume it is some type of port harvesting attempt and have been paying close attention to Internet facing hosts.

11/05/2002 11:17:08.352 - 	IP spoof detected - 	Source:0.0.0.0, 3442, 
WAN - 	Destination:a.b.c.120, 445, LAN -
11/05/2002 10:25:20.592 - 	IP spoof detected - 	Source:0.0.0.0, 1488, 
WAN - 	Destination:a.b.d.96, 445, LAN
11/05/2002 08:58:16.688 - 	IP spoof detected - 	Source:0.0.0.0, 2062, 
WAN - 	Destination:a.b.e.61, 445, LAN
11/05/2002 08:25:21.768 - 	IP spoof detected - 	Source:0.0.0.0, 2537, 
WAN - 	Destination:a.b.f.127, 445, LAN -

Ingersoll, Jared wrote:
> I was hoping someone could tell me whether this is a misconfigured device

-- 
*******************************
*  Mike Maxwell  GCIA         *
*  System Manager--GMA        *
*  mmaxwell@gmavt.net         *
*******************************


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Sat Nov 9 06:11:13 2002

This message: [ Message body ]
Next message: Bojan Zdrnja: "RE: ano@ano.com ftpd dip.t-dialin.net"
Previous message: Mike Lewinski: "Re: Ip spoof from 0.0.0.0"
Maybe in reply to: Mike Lewinski: "Re: Ip spoof from 0.0.0.0"
In reply to Omar Herrera: "RE: Ip spoof from 0.0.0.0"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:50 EDT