How do you know the host is non-existent? Have you confirmed that you they are spoofing? What does the scan look like? Is it a stealth scan with a single packet or something more robust? If you find that they are spoofing, then the only thing that they could be trying to accomplish is what I call a "Human Denial of Service (HDOS)". They are trying to drive you crazy, searching for a vulnerability that doesn't exist. It is so easy to spit garbage into other peoples systems that it isn't funny. I am interesting in knowing if you find something other than the so called HDOS attack.
The ultimate solution to the spoof problem is to implement something called "Network Ingress Filtering". Look it up with your favorite search engine. I think there may be an RFC on it.
Carlton Copp
-----Original Message-----
From: EW1 Coral J. Cook [SMTP:ccook nosc mil]
Sent: Wednesday, June 09, 1999 11:18 AM
To: linux-security redhat com
Subject: [linux-security] Port 7 scan
Over the last several day, we've been getting pretty regular scans from a
non-existant host on our port 7. Any idea what they are looking for/what are
some of vulnerabilites with echo?
Thanks
Coral Cook
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request redhat com < /dev/null