I've noticed some strange traffic on our firewalls recently. Someone (or multiple someones) is attempting to send TCP packets inbound to our network FROM well-known ports (e.g. port 80) to multiple port numbers, and usually multiple addresses as well. Sometimes they are randomised (port and/or target IP address), sometimes they are sequential, or only one host, etc. I'm seeing these from multiple IP addresses, so it appears to be quite distributed.


Is this a well-known method? I've been searching and haven't found anything. I know it's not legitimate traffic because the hosts being scanned for don't actually have the ability to open these connections outbound, so they're not an expired connection in the firewall being caught...

TIA

Hamish.


--


I don't suffer from Insanity...         | Linux User #16396
        I enjoy every minute of it...   |
                                        |
http://www.travellingkiwi.com/          |
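
One way to summarise the pattern described in this message from firewall logs, as an added example that is not part of the original post: it groups inbound TCP packets that arrive from a well-known source port by sender and reports how many targets and ports each sender touched and whether the ports were sequential. It assumes netfilter-style `SRC=`/`DST=`/`SPT=`/`DPT=` log fields; the sample lines, the port set and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: which source ports to treat as "well known" for this report.
WELL_KNOWN_SPTS = {20, 21, 22, 25, 53, 80, 110, 443}
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample lines (netfilter-style fields, documentation addresses).
SAMPLE_LOG = """\
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=1024
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=1025
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=1026
IN=eth0 SRC=203.0.113.9 DST=192.0.2.44 PROTO=TCP SPT=80 DPT=40311
IN=eth0 SRC=203.0.113.9 DST=192.0.2.12 PROTO=TCP SPT=80 DPT=5190
IN=eth0 SRC=203.0.113.9 DST=192.0.2.201 PROTO=TCP SPT=80 DPT=22717
IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=25
IN=eth0 SRC=203.0.113.60 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33000
"""

def summarize(log_text, min_hits=3):
    """Group inbound TCP packets with a well-known source port by sender."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or "SRC" not in f or "DST" not in f:
            continue
        if not (f.get("SPT", "").isdigit() and f.get("DPT", "").isdigit()):
            continue  # malformed or truncated log line
        if int(f["SPT"]) in WELL_KNOWN_SPTS:
            hits[(f["SRC"], int(f["SPT"]))].append((f["DST"], int(f["DPT"])))
    report = {}
    for key, pkts in hits.items():
        if len(pkts) < min_hits:
            continue  # too few packets to say anything about a pattern
        ports = [p for _, p in pkts]
        steps = {b - a for a, b in zip(ports, ports[1:])}
        report[key] = {
            "packets": len(pkts),
            "targets": len({d for d, _ in pkts}),
            "ports": len(set(ports)),
            "pattern": "sequential" if steps == {1} else "scattered",
        }
    return report

if __name__ == "__main__":
    for (src, spt), info in summarize(SAMPLE_LOG).items():
        print(src, spt, info)
```
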



