Hallo, analysing the DShield.log there were two topics I couldn't find information: - TTL: the default is 64, but nearly all scanner use TTL around 250, and the "attackers" (trying login) use TTL around 250 - Source port: default for Linux is above 32,000, but there are a number of scans with source port below It seems most of the scans are using nmap (windows-size=1024), but my checks did not confirm any unusual TTL or source ports. Does the specific TTL and source port reveal anything about the scanners? Thanks |
Anonymous |
thread locked Quote Subscribe |
Mar 1st 2020 10 months ago |
Sign Up for Free or Log In to start participating in the conversation!