Scanning with reverse connections?
I've noticed some strange traffic on our firewalls recently. Someone (or
multiple someones) is attempting to send TCP packets inbound to our
network FROM well known ports (e.g. port 80) to multiple port numbers,
and usually multiple addresses as well. Sometimes they are randomised
(port and/or target IP address), sometimes they are sequential, or only
one host, etc. I'm seeing these from multiple IP addresses so it appears
to be quite distributed.
Is this a well known method? I've been searching and haven't found
anything. I know it's not legitimate traffic because the hosts being
scanned for don't actually have the ability to open these connections
outbound, so they're not an expired connection in the firewall being
caught...
TIA
Hamish.
--
I don't suffer from Insanity... | Linux User #16396
I enjoy every minute of it... |
|
http://www.travellingkiwi.com/ |
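
Added example, not part of the original post: one way to summarise the pattern described above from firewall drop logs, grouping inbound TCP packets by source address and well-known source port and noting whether the destination ports are sequential or scattered. The log lines are constructed in the style of netfilter LOG output with documentation addresses; the field names, the 1023 port cutoff and the `min_targets` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of netfilter LOG output (documentation IP ranges).
SAMPLE_LOG = """\
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=1025
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=1026
IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=80 DPT=1027
IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=443 DPT=40112
IN=eth0 SRC=203.0.113.9 DST=192.0.2.44 PROTO=TCP SPT=443 DPT=12007
IN=eth0 SRC=203.0.113.9 DST=192.0.2.91 PROTO=TCP SPT=443 DPT=55310
IN=eth0 SRC=198.51.100.200 DST=192.0.2.10 PROTO=TCP SPT=51544 DPT=22
IN=eth0 SRC=198.51.100.33 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=33000
"""

FIELD = re.compile(r"(\w+)=(\S+)")
WELL_KNOWN_MAX = 1023  # assumption: source ports at or below this count as "well known"

def is_sequential(ports):
    """True when the destination ports, in arrival order, each rise by one."""
    return len(ports) > 1 and all(b - a == 1 for a, b in zip(ports, ports[1:]))

def summarize(log_text, min_targets=3):
    """Group inbound TCP packets by (source IP, source port) and report the
    sources that touched at least min_targets distinct (dst, dport) pairs."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or "SPT" not in f or "DPT" not in f:
            continue
        if int(f["SPT"]) > WELL_KNOWN_MAX:
            continue  # ordinary client-side source port, not the pattern in question
        seen[(f["SRC"], int(f["SPT"]))].append((f["DST"], int(f["DPT"])))
    report = {}
    for key, hits in seen.items():
        if len(set(hits)) < min_targets:
            continue
        ports = [p for _, p in hits]
        report[key] = {
            "hosts": len({d for d, _ in hits}),
            "ports": len(set(ports)),
            "pattern": "sequential" if is_sequential(ports) else "scattered",
        }
    return report

if __name__ == "__main__":
    for (src, spt), info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, spt, info)
```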