North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Stopping ip range scans

  • From: John R. Levine
  • Date: Mon Dec 29 12:45:12 2003
  • Newsgroups: iecc.lists.nanog

My router is set up to send me daily reports of IP addresses that hit
the port 137-139 block more than 1000 times a day.  The sources are
all over the place, including a lot of IANA reserved address space
that Sprint and my ISP should be filtering upstream, but a lot of the
scans are from hosts on my ISP's network that I know are consumer DSL.

My working assumption is that these are worms looking for new hosts to
attack.  When I have time, I tell the ISP about the local ones so they
can tell their customer to fix it, otherwise I don't bother.

So long as you have reasonable router filters, port scans are an
annoyance but not a security issue.

John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711
[email protected], Village Trustee and Sewer Commissioner,, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail