[NTLUG:Discuss] Seeing lots of NMAP scans
joseph beasley
joe_beasley at yahoo.com
Fri Jul 16 13:25:08 CDT 2004
The 445 scans are from other infected machines on the internet looking
to exploit MS04-11. Sdbot and rbot viruses.
--- Wayne Dahl <w.dahl4 at verizon.net> wrote:
> I'm seeing a lot of NMAP scans in my firewall logs coming from just a
> few Verizon DSL users (reverse lookups point to a lot of them coming
> from one guy who appears to be changing his IP address a lot, but
> most
> of them seem to be coming from him)...a lot of port 445 scans, scans
> from other ISP users, etc. Is this some sort of attack attempt?
>
> Are you guys seeing anything like this also? Most of the entries are
> ICMP PING NMAP and Smoothwall describes them as Type: Attempted
> information leak.
>
> I've set Smoothwall to block ICMP pings and also to block and ignore
> IGMP packets. I know that if I block ICMP pings, I can't be pinged
> from
> another outside address, but I can live with that. Will that be
> sufficient, given my current firewall, to stop NMAP scans?
>
> --
> Wayne Dahl
> Registered Linux User # 347549
> No electrons were abused in any way by any Micro$oft
> product in the composition of this e-mail.
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
=====
Joe Beasley
CNE, CCNP, MCSE, CCNA, AEIOU....
PGP/GPG key -- http://home.comcast.net/~joe.beasley/joebeasley.txt
AOL Messenger joebeasley3rd
Yahoo Messenger joe_beasley
MSN Messenger joebeasley3rd
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
More information about the Discuss
mailing list