Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

scan attacks detected - legit sources

Status
Not open for further replies.
1dannyd

1dannyd

IS-IT--Management
Aug 24, 2001
100
US
I am getting detection notices in both isa and my server event viewer that *these* ip addresses are performing scan attacks. I get 64.156.220.99 five or six times and the 66.14.237.56 five or six times every day. I tried to look them up the best i could and it seems to be bellsouth and gte related but why would they scan?
Thanks for any insight to t6his.
 
Sort by date Sort by votes
Both companies are ISPs. Level3 and GTE are providing ISP service through these IPs. The GTE 66.14.237.56 address is in their DSL DHCP pool. These people could be doing these scans wittingly or unwittingly. It maybe that these people have a trojan horse installed being controlled by a client somewhere else. Or it could be spoofed address from the real scan to through you off course.

Joe
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

RodneyMcSnow
  • Locked
  • Question
TZ400 -how to prevent dns attacks
Replies
2
Views
150
RodneyMcSnow
RodneyMcSnow
tbierl
  • Locked
  • Question
Cisco ASA IPSec Spoof Detected
Replies
2
Views
534
burtsbees
burtsbees
RodneyMcSnow
  • Locked
  • Question
computer says windows 2012 has detected a virus
Replies
2
Views
112
kjv1611
kjv1611
kevnad1966
  • Locked
  • Question
SonicWall "Possible" SYN Flood attacks; numerous.... Danger??
Replies
1
Views
141
Dinkytoy
Dinkytoy
Enkrypted
  • Locked
  • Question
SBS 2003 Exchange Virus Scan registry setting
Replies
0
Views
110
Enkrypted
Enkrypted

Part and Inventory Search

Sponsor

Back
Top