Hey all,
At work we had a setup in an office building where they ran a t1 to the building then ran fiber to each office and sold off parts of it. Eventually we needed our own t1 so we ordered it from the company that provided the initial service to the building. They ran it in, everything went smoothly, they gave us the same ip addresses we had before and mail/web/etc is all running along smoothly.
The problem is as soon as they put it in I started getting many, many probes to port 8, or smurf amplification attacks according to the sonicwall firewall. I got like maybe a dozen over the last few months and suddenly now I'm getting 100s a day. I talked to the noc guys at my isp and they said it's just coincidence that it happened now since nothing is different but it just seems very odd that it would ramp up like crazy as soon as they changed the equipment.
I've looked up a load of the ips and contrary to what the isp folks tell me they aren't all just 1 guy on dhcp from one carrier sending all of them.
Does anyone know if there is a new virus floating around that would hit port 8 or some other reason seeing as I have the same ips, same firewall setup, etc but suddenly I'm getting probed like crazy?
thanks,
Daniel
At work we had a setup in an office building where they ran a t1 to the building then ran fiber to each office and sold off parts of it. Eventually we needed our own t1 so we ordered it from the company that provided the initial service to the building. They ran it in, everything went smoothly, they gave us the same ip addresses we had before and mail/web/etc is all running along smoothly.
The problem is as soon as they put it in I started getting many, many probes to port 8, or smurf amplification attacks according to the sonicwall firewall. I got like maybe a dozen over the last few months and suddenly now I'm getting 100s a day. I talked to the noc guys at my isp and they said it's just coincidence that it happened now since nothing is different but it just seems very odd that it would ramp up like crazy as soon as they changed the equipment.
I've looked up a load of the ips and contrary to what the isp folks tell me they aren't all just 1 guy on dhcp from one carrier sending all of them.
Does anyone know if there is a new virus floating around that would hit port 8 or some other reason seeing as I have the same ips, same firewall setup, etc but suddenly I'm getting probed like crazy?
thanks,
Daniel
Facebook
Twitter