Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Systematic port scanning using a very set of IP addresses SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Systematic port scanning using a very set of IP addresses
Greetings,

For a while now I'm seeing efforts to systematically scan all ports on the router using a large list of source IP addresses, somewhere in the 25,000+ per day range. Typically every IP address only scans a single port, likely to stay below the radar, though often they probe both TCP and UDP for said port.

On their own these individual probes look mostly harmless, but if you look at all the ports combined you're starting to see a very systematic, orchestrated effort.

Is anyone else seeing this? The data is submitted to DSHIELD, so perhaps someone could check if how wide-spread this is.

Kind regards,

- Richard.
RG

2 Posts

Sign Up for Free or Log In to start participating in the conversation!