Try ethereal for packet inspection/capture -----Original Message----- From: Paul Benedek [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 10:08 AM To: 'Justin Pryzby'; 'Damon McMahon' Cc: [EMAIL PROTECTED] Subject: RE: Continued probing with source IP 10.x.x.x
Hi, To ensure that you are not receiving port scan traffic from the outside on the 10.x.x.x subnet (RFC1918 addresses), you might want to consider RFC1918 filtering at your ISP ingress router. Consider also RFC2827 filtering to prevent IP spoofing. To prove or disprove if it is coming from a spoofed source, apply an access list to your router that allows the traffic to pass and ensure that you log it. Once you have captured the data, you can analyse where it came from and more importantly which interfaces of the router it passed through. Regards, Paul Benedek Director Excis Networks Limited http://www.excis.co.uk -----Original Message----- From: Justin Pryzby [mailto:[EMAIL PROTECTED] Sent: 08 July 2003 06:17 To: Damon McMahon Cc: [EMAIL PROTECTED] Subject: Re: Continued probing with source IP 10.x.x.x First off you should make sure its not internally-generated traffic. Then you should make sure your router and your ISP's router are not passing those packets. RFC X (requirements for ip routers or something) requires that, I think. Justin On Mon, Jul 07, 2003 at 11:33:02PM +0000, Damon McMahon wrote: > > Greetings, > > Is this a simple port scan from outside, or should I be more worried? > > Any assistance or advice will be appreciated! --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
