Hi.
My corporate firewall detected numberous TCP_Network_Scan attempts, which it describes as follows:
"This anomaly signature detects an excessive rate of TCP port probe activity on the entire network from a single intruder. It can detect certain kinds of scanning activity that would (possibly by design) fall below the thresholds of the TCP_Port_Scan or TCP_Service_Sweep signatures. You set the pam.tcp.network.scan.count and pam.tcp.network.scan.interval tuning parameters to control this signature's probe rate threshold".
Lots of investigation identified that Skype probed 396 different IP addresses, across the whole address space (10.50.1.42 through 222.177.29.49), using 282 different ports, during three five-minute "episodes".
Why?
Full Version: Scanning lots of random IP addresses
[quote=beerquest]Hi.
My corporate firewall detected numberous TCP_Network_Scan attempts, which it describes as follows:
"This anomaly signature detects an excessive rate of TCP port probe activity on the entire network from a single intruder. It can detect certain kinds of scanning activity that would (possibly by design) fall below the thresholds of the TCP_Port_Scan or TCP_Service_Sweep signatures. You set the pam.tcp.network.scan.count and pam.tcp.network.scan.interval tuning parameters to control this signature's probe rate threshold".
Lots of investigation identified that Skype probed 396 different IP addresses, across the whole address space (10.50.1.42 through 222.177.29.49), using 282 different ports, during three five-minute "episodes".
Why?[/quote]
Thats the way p2p works it is called relaying from 1 pc to another to get round the world or whereever you are going to, even while you are not using Skype but you have it switched on this will happen as other people use your pc as a stepping stone on through the journey of life.
My corporate firewall detected numberous TCP_Network_Scan attempts, which it describes as follows:
"This anomaly signature detects an excessive rate of TCP port probe activity on the entire network from a single intruder. It can detect certain kinds of scanning activity that would (possibly by design) fall below the thresholds of the TCP_Port_Scan or TCP_Service_Sweep signatures. You set the pam.tcp.network.scan.count and pam.tcp.network.scan.interval tuning parameters to control this signature's probe rate threshold".
Lots of investigation identified that Skype probed 396 different IP addresses, across the whole address space (10.50.1.42 through 222.177.29.49), using 282 different ports, during three five-minute "episodes".
Why?[/quote]
Thats the way p2p works it is called relaying from 1 pc to another to get round the world or whereever you are going to, even while you are not using Skype but you have it switched on this will happen as other people use your pc as a stepping stone on through the journey of life.
Thanks.
I hadn't realised it used a variant of P2P.
I hadn't realised it used a variant of P2P.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.