|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Stopping ip range scans
My router is set up to send me daily reports of IP addresses that hit the port 137-139 block more than 1000 times a day. The sources are all over the place, including a lot of IANA reserved address space that Sprint and my ISP should be filtering upstream, but a lot of the scans are from hosts on my ISP's network that I know are consumer DSL. My working assumption is that these are worms looking for new hosts to attack. When I have time, I tell the ISP about the local ones so they can tell their customer to fix it, otherwise I don't bother. So long as you have reasonable router filters, port scans are an annoyance but not a security issue. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711 [email protected], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
|