On Thu, Dec 3, 2009 at 10:35 PM, Matthew Huff <mh...@ox.com> wrote:
> We are seeing a large number of tcp connection attempts to ports known to 
> have security issues. The source addresses are spoofed from our address 
> range. They are easy to block at our border router obviously, but the number 
> and volume is a bit worrisome. Our upstream providers appear to be 
> uninterested in tracing or blocking them. Is this the new normal? One of my 
> concerns is that if others are seeing probe attempts, they will see them from 
> these addresses and of course, contact us.
>
> Any suggestions on what to do next? Or just ignore.

Filter it out and then ignore. Might as well filter it out - see
http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html
