[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

how to deal with port scan and brute force attack from AS 8075 ?

Subject: how to deal with port scan and brute force attack from AS 8075 ?
From: Brandon.Vincent at asu.edu (Brandon Vincent)
Date: Sun, 3 Apr 2016 20:54:01 -0700
In-reply-to: <CAEiuvJCzSVuvL4ZzYpOzKiye7Efib1dNct+ToPMf7h6phA+8Qg@mail.gmail.com>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAEiuvJCzSVuvL4ZzYpOzKiye7Efib1dNct+ToPMf7h6phA+8Qg@mail.gmail.com>

On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam at gmail.com> wrote:
> I have noticed this and especially the strange format of the packets with a
> SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr
>
> This may be $whoever trying to establish network performance/congestion via
> ECN or it could be something else like a fast scan technique or OS
> fingerprinting

It's OS fingerprinting. Targeted attacks are far more productive. If
I'm trying to get into an organization, I'd much rather be interested
in Juniper ScreenOS than someone's personal *nix machine.

Brandon Vincent

Follow-Ups:
- how to deal with port scan and brute force attack from AS 8075 ?
  - From: baconzombie at gmail.com (Bacon Zombie)

Prev by Date: Some doubts on large scale BGP/AS design and black hole routing risk
Next by Date: SAFNOG-3 Meeting - Date Change Updates
Previous by thread: Some doubts on large scale BGP/AS design and black hole routing risk
Next by thread: how to deal with port scan and brute force attack from AS 8075 ?
Index(es):
- Date
- Thread