[Snort-users] Source IP/destination IP: how close is too close?
guillaume at ...4029...
Fri Jan 18 00:32:02 EST 2002
Dans son précédent message John Sage écrivait :
> I just had to post this snort capture of a probe to tcp:12345 --
> look at the source IP address relative to my destination IP
> address as a dialup to access.att.net, out of AT&T's Seattle, WA
> 01/17-18:47:48.819272 22.214.171.124:1182 -> 126.96.36.199:12345
> TCP TTL:127 TOS:0x0 ID:18697 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x21DD8C Ack: 0x0 Win: 0x2000 TcpLen: 28
> TCP Options (4) => MSS: 536 NOP NOP SackOK
> I mean, this guy is right on top of me ;-)
> Think I should go yell out the front door for him to knock it
> This is some clown I see a lot of; he's always nearby, but he's
> never been this "close".
Well well... if only close IPs meant "guy next door"... :-)
I see lots of close IPs playing along with mine, some very very close,
but coming - geographically speaking - from Iran, and I live in Paris,
But if you'd like to yell out there too, I'm your man ! :-)
Most of times it's just hazardeous automatic scannning scripts
[ Sent with SquirrelMail - http://www.squirrelmail.org ]
More information about the Snort-users