Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from
certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and
202/7. I'm logging over 7500 probes/hr right now. Is there a new
exploit out or something?
Another network just surfaced: 210.82/15
-Gordon
Maybe I'm not getting attacked in the same way as you - perhaps its
someone directing DoS at you or something? But I am seeing a massive
increase in scans from lots of IPs and to lots of ports.
Steve
> Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from
> certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and
> 202/7. I'm logging over 7500 probes/hr right now. Is there a new
> exploit out or something?
>
> Another network just surfaced: 210.82/15
I am getting lots of port 80'ish scans from those IP ranges.
and a few port 139, but I have not seen a port 21 (FTP) scan from anyone
in the last 30 minutes... while monitoring a /19 and a /20 locally.
Apprec. the info. Probes are falling off now. 25k in the last 6hrs
(as of 1500hrs EST).
Not much in the grand scheme of things but more then I like. A couple of
servers at this facility are being targeted - no sooner had I ACL'ed
one block when probes from a new block to the same targets surfaced. In
any event, the target servers are offline pending a close inspection.
Thanks to all that responded,
-Gordon
“FORMOSA”…from Jonathan Swift’s “Gulliver!” Please see: “Two Babylons”
FORMOSA from Jonathan Swift’s “Gulliver!” Please see: “Two Babylons”