Security Basics mailing list archives

RE: Repeated Port Scan

From: "John Choe" <jchoe () crickettechnologies com>
Date: Fri, 27 Jun 2003 12:31:41 -0400

Looks like they might be an ISP, see link:
http://news.spamcop.net/pipermail/spamcop-list/2001-September/019958.htm
l

They also look like a haven for spammers:
http://www.senderbase.com/search/?searchString=Neucom,%20Inc.&searchBy=o
rganization

The port 6588 scan is for AnalogX Proxy server:
http://archive.develooper.com/qpsmtpd () perl org/msg00390.html
They may be looking for insecure proxies to bounce spam off of..


This is probably too outdated, but the phone # might still be active: 
  
Neucom, Inc. (NETBLK-NEUCOM-64-158-28-0)
   412 E. Madison Ave
   Tampa, Florida 33602   US
   Netname: NEUCOM-64-158-28-0
   Netblock: 64.158.28.0 - 64.158.31.255
   Maintainer: NEUC
   Coordinator:  Charmatz, Charles  (CC2190-ARIN)
charles
   727-638-8091
   Record last updated on 03-Oct-2001

Honestly, I think it would be a waste of time to pursue this with
Neucom, or any ISP related to them...


John Choe
Network Operations
Cricket Technologies, LLC




-----Original Message-----
From: compguruman () mail comcast net [mailto:compguruman () mail comcast net]

Sent: Wednesday, June 25, 2003 5:31 PM
To: security-basics () securityfocus com
Subject: Repeated Port Scan

  When I do a whois on the address it doesn't give much information 
on who to contact about abuse. I'm thinking that the computer scanning
me 
has been compromised and is looking for other computers to infect.  The 
source port is random but the local port is not.  It scans to see if
ports 
1075, 3128, 4588, 6588, and 8080 are open.  I ran retina against the 
machine and its running a default install of Apache without much
anything 
configured. Also, if whois doesn't give much 
information how can I find out who to contact about this?  

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

Repeated Port Scan compguruman (Jun 27)
- <Possible follow-ups>
- RE: Repeated Port Scan John Choe (Jun 27)
- Re: Repeated Port Scan Rich Franklin (Jun 30)
- RE: Repeated Port Scan compguruman (Jun 30)