North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DSL-IP Probes Curiousity..

  • From: Mike Tancsa
  • Date: Fri Mar 14 00:57:09 2003

At 05:19 PM 3/13/2003 -0500, McBurnett, Jim wrote:

Hello,
I am just curious about this.
I see a rather unusual # of SNMP queiries
and port scans from  DSL
IP blocks in the US...

How many of you really go after the script kiddies
doing this?

I know 1, 2 or even 3 a day is not a concern for me,
but when I get 3 a day from the same source IP allocation,
I start wondering...
There is so much of it, I liken it to Internet background radiation. In fact, if I didnt see a constant stream of this (either by accident-- SNMP auto discovery, or design-- lets find all the 'private' routers and switches out there) I would be more worried as my network probably has been blackholed!

In terms of reporting it, I usually do if its more than just some automated probe and is a directed attack against a particular device and is causing some grief or potential grief. But it would be a full time job evaluating and responding to each and every scan/hack attempt as the volume is way too high. I think something like dshield is going in the right direction. Ultimately if these things are not reported and the people doing them sanctioned somehow, it wont stop.

Also, its March Break in many parts of North America... More time to do these sorts of things.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [email protected]
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike