North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: DSL-IP Probes Curiousity..
- From: Mike Tancsa
- Date: Fri Mar 14 00:57:09 2003
At 05:19 PM 3/13/2003 -0500, McBurnett, Jim wrote:
Hello,
I am just curious about this.
I see a rather unusual # of SNMP queiries
and port scans from DSL
IP blocks in the US...
How many of you really go after the script kiddies
doing this?
I know 1, 2 or even 3 a day is not a concern for me,
but when I get 3 a day from the same source IP allocation,
I start wondering...
There is so much of it, I liken it to Internet background radiation. In
fact, if I didnt see a constant stream of this (either by accident-- SNMP
auto discovery, or design-- lets find all the 'private' routers and
switches out there) I would be more worried as my network probably has been
blackholed!
In terms of reporting it, I usually do if its more than just some automated
probe and is a directed attack against a particular device and is causing
some grief or potential grief. But it would be a full time job evaluating
and responding to each and every scan/hack attempt as the volume is way too
high. I think something like dshield is going in the right direction.
Ultimately if these things are not reported and the people doing them
sanctioned somehow, it wont stop.
Also, its March Break in many parts of North America... More time to do
these sorts of things.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
|
