Chris Higgins wrote:
> On Mon, 14 Feb 2005 13:22:52 +0000
> Bryan O'Donoghue <typedef at eircom.net> wrote:
>>>>>>You were smurfed !
>>> If you are talking about the directed broadcast "smurf" attack then
> nothing in the description indicates this
>> If however you are seeing little blue people with white hats, then
> put the tinfoil hat back on.
Nope. I mean a sequential

    mark as being active port
    mark as being not active port

for ports n-n+m

If the scan is sequential then whoever is doing it is making _no_ effort
to disguise the attack/scan.

Also if the scan uses a full connect system call then whoever has done
that scan is either trying to alert the person at the other end to the
fact that they are port scanning, or is so utterly clueless/hasn't
researched how to port scan, that that particular person would be
nothing to worry about.

The very fact that a sequential port scan has shown up would seem to
me to be a very obvious sign of an attacker who hasn't the slightest clue
about how _not_ to get caught doing a port scan... which is probably on
page 2, of "port scanning" from phrack issue 3... produced in 1996.

Therefore attacker doesn't think remote target has the ability to graph
his attack and has underestimated his target or attacker hasn't done
basic "how to portscan and not get nabbed" reading and is probably clueless.
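
The sequential pattern described in the message above (ports n to n+m probed in order from one source) is easy to flag on the defending side. The following is an added example, not part of the original message: the log records, addresses and the `min_run` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample connection records: (timestamp, source IP, destination port).
# Addresses come from documentation ranges; none of this is data from the thread.
SAMPLE_EVENTS = (
    # One source walking ports 20..29 in order.
    [(i * 0.1, "192.0.2.10", 20 + i) for i in range(10)]
    # Ordinary client traffic to a handful of services.
    + [(t, "198.51.100.7", p)
       for t, p in [(0.05, 443), (0.35, 80), (0.65, 443), (0.95, 22)]]
    # Same port range as a scan, but not probed in sequence.
    + [(0.02 + i * 0.2, "203.0.113.5", p)
       for i, p in enumerate([25, 21, 23, 22, 24])]
)


def longest_sequential_run(ports):
    """Longest run, in arrival order, where each port is exactly previous + 1."""
    best = run = 1 if ports else 0
    for prev, cur in zip(ports, ports[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_sequential_scanners(events, min_run=5):
    """Return {source: run_length} for sources whose longest n, n+1, ... run
    of destination ports reaches min_run (an assumed threshold)."""
    ports_by_source = defaultdict(list)
    for _ts, src, port in sorted(events):  # order by timestamp
        ports_by_source[src].append(port)
    flagged = {}
    for src, ports in ports_by_source.items():
        run = longest_sequential_run(ports)
        if run >= min_run:
            flagged[src] = run
    return flagged


if __name__ == "__main__":
    for src, run in find_sequential_scanners(SAMPLE_EVENTS).items():
        print(f"{src}: {run} consecutive ports probed in order")
```

Only strictly ordered probing is caught here; the shuffled source in the sample passes unflagged, so a real detector would also count distinct ports per source over a time window.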