Continuous portscan from DoD Network Information Center

on 23.03.2006 16:47:47 by nifty

I'm getting hammered numerous times from DoD Network Information
Center, why?
They portscan my ports as low as (UDP) 1025 to 1035 continuously.
I'd greatly appreciate it if somebody knew the reason :)

Re: Continuous portscan from DoD Network Information Center

on 23.03.2006 21:12:30 by x0040973

"nifty" wrote in message
news:1143128867.090684.49190@v46g2000cwv.googlegroups.com...
> I'm getting hammered numerous times from DoD Network Information
> Center, why?
> They portscan my ports as low as (UDP) 1025 to 1035 continuously.
> I'd greatly appreciate it if somebody knew the reason :)
>

First: if it's UDP then it may not be DoD :P

Re: Continuous portscan from DoD Network Information Center

on 24.03.2006 09:33:21 by Ludovic Joly

Right. The probability is high that those packets are forged to make
you believe you are being scanned by them.

Re: Continuous portscan from DoD Network Information Center

on 24.03.2006 20:46:28 by ibuprofin

On 23 Mar 2006, in the Usenet newsgroup comp.security.misc, in article
<1143128867.090684.49190@v46g2000cwv.googlegroups.com>, nifty wrote:

>I'm getting hammered numerous times from DoD Network Information
>Center, why?

Because they like you?

>They portscan my ports as low as (UDP) 1025 to 1035 continuously.

No, that's just a windoze spammer trying to get you to buy some crap
software that does nothing your computer may already be doing for you,
which is blocking messenger spam. Big clue - UDP can be and often is
spoofed. Bitch at your incompetent ISP for not following RFC2827 and
RFC3704.

2827 Network Ingress Filtering: Defeating Denial of Service Attacks
which employ IP Source Address Spoofing. P. Ferguson, D. Senie. May
2000. (Format: TXT=21258 bytes) (Obsoletes RFC2267) (Updated by
RFC3704) (Also BCP0038) (Status: BEST CURRENT PRACTICE)

3704 Ingress Filtering for Multihomed Networks. F. Baker, P. Savola.
March 2004. (Format: TXT=35942 bytes) (Updates RFC2827) (Also
BCP0084) (Status: BEST CURRENT PRACTICE)

>I'd greatly appreciate it if somebody knew the reason :)

Microsoft invented this network thing so that people can send you messages
with the 'net send' command. As usual, they ignored security, and more than
ten years' prior experience of UNIX - and spammers worldwide discovered
a nice way to blindly advertise crap. Your ISP apparently feels that you
want to see the ads, and is allowing them through, even though the source
addresses are blatantly false. If you actually looked at the packet, you
would find it is text meant to look as if your windoze O/S is crapping
out, and is telling you to go to some wanker's web site to fix your
registry or get a longer **** or something.

In 1998, we set our internal and perimeter firewalls to port translate
_outbound_ UDP traffic in the 1025 - 1050-ish range (mainly DNS queries)
out of that port range, so there is never going to be legitimate inbound
traffic in that range. This allows our upstream to drop that traffic,
saving a large amount of bandwidth.

Old guy
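
The two filter points named in the last post, modelled in sequence as an added example that is not part of any post in this thread: an RFC 2827 style source check at the ISP's customer-facing edge, then the receiving site's drop of inbound UDP in the port range it has translated its own outbound traffic away from. The interface names, prefixes (documentation ranges), the exact 1025-1050 bounds and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed data: customer-facing interfaces and the prefixes the ISP
# assigned to each (documentation address ranges).
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}

# Assumed exact bounds for the "1025 - 1050-ish" range in the post.
BLOCKED_UDP_DST = range(1025, 1051)

def ingress_permits(iface, src):
    """ISP edge: the source address must lie inside a prefix assigned to
    the interface the packet arrived on (RFC 2827 ingress filtering)."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ASSIGNED.get(iface, []))

def perimeter_permits(proto, dst_port):
    """Receiving site: no legitimate inbound UDP exists in the range that
    outbound traffic has been port-translated out of."""
    return not (proto == "udp" and dst_port in BLOCKED_UDP_DST)

def evaluate(packets):
    """Return (verdict, reason) for each (iface, src, proto, dst_port)."""
    results = []
    for iface, src, proto, dst_port in packets:
        if not ingress_permits(iface, src):
            results.append(("drop", "source not assigned to ingress interface"))
        elif not perimeter_permits(proto, dst_port):
            results.append(("drop", "inbound UDP in translated-away range"))
        else:
            results.append(("pass", "ok"))
    return results

# Constructed sample traffic.
SAMPLE = [
    ("cust-a", "192.0.2.10", "udp", 53),       # assigned source, DNS
    ("cust-a", "203.0.113.7", "udp", 1026),    # forged source, stopped at edge
    ("cust-b", "198.51.100.20", "udp", 1030),  # real source, stopped at perimeter
    ("cust-b", "198.51.100.20", "tcp", 1030),  # TCP is outside the UDP rule
]

if __name__ == "__main__":
    for pkt, res in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, "->", res)
```

The second sample packet shows why the edge check matters: once a forged source has passed the sender's ISP, the receiver can only drop by port and has no way to learn who really sent it.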