Security Basics mailing list archives

RE: Repeated Port Scan

From: compguruman () mail comcast net
Date: Sat, 28 Jun 2003 23:00:40 -0400

Thanks for the research. After I ran vulnerability scans on his IP forabout an hour his Apache server disappeared and he stopped port scanningme. Weird huh :)


At 12:31 PM 6/27/2003 -0400, you wrote:

Looks like they might be an ISP, see link:
http://news.spamcop.net/pipermail/spamcop-list/2001-September/019958.htm
l

They also look like a haven for spammers:
http://www.senderbase.com/search/?searchString=Neucom,%20Inc.&searchBy=o
rganization

The port 6588 scan is for AnalogX Proxy server:
http://archive.develooper.com/qpsmtpd () perl org/msg00390.html
They may be looking for insecure proxies to bounce spam off of..


This is probably too outdated, but the phone # might still be active:

Neucom, Inc. (NETBLK-NEUCOM-64-158-28-0)
   412 E. Madison Ave
   Tampa, Florida 33602   US
   Netname: NEUCOM-64-158-28-0
   Netblock: 64.158.28.0 - 64.158.31.255
   Maintainer: NEUC
   Coordinator:  Charmatz, Charles  (CC2190-ARIN)
charles
   727-638-8091
   Record last updated on 03-Oct-2001

Honestly, I think it would be a waste of time to pursue this with
Neucom, or any ISP related to them...


John Choe
Network Operations
Cricket Technologies, LLC




-----Original Message-----
From: compguruman () mail comcast net [mailto:compguruman () mail comcast net]

Sent: Wednesday, June 25, 2003 5:31 PM
To: security-basics () securityfocus com
Subject: Repeated Port Scan

  When I do a whois on the address it doesn't give much information
on who to contact about abuse. I'm thinking that the computer scanning
me
has been compromised and is looking for other computers to infect.  The
source port is random but the local port is not.  It scans to see if
ports
1075, 3128, 4588, 6588, and 8080 are open.  I ran retina against the
machine and its running a default install of Apache without much
anything
configured. Also, if whois doesn't give much
information how can I find out who to contact about this?

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in

about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

----------------------------------------------------------------------------

Current thread:

Repeated Port Scan compguruman (Jun 27)
- <Possible follow-ups>
- RE: Repeated Port Scan John Choe (Jun 27)
- Re: Repeated Port Scan Rich Franklin (Jun 30)
- RE: Repeated Port Scan compguruman (Jun 30)