Security Incidents mailing list archives
Re: Undernet/telnet attempts?
From: jburdge () AVENTAIL COM (Jon Burdge)
Date: Mon, 21 Feb 2000 15:05:43 -0800
This is becoming pretty standard to protect irc servers from abusive people bouncing through misconfigured wingates and proxy servers. DALnet is doing it as well. The real problem is people who install wingates, as they have historically had no idea how to configure them correctly. Some information on it is at http://help.undernet.org/proxyscan/. To quote from the page: "Due to the overwhelming (ab)use of malconfigured Wingate and Proxyservers being exploited daily the Undernet.org is now checking all users for open and exploitable Wingate/Proxy server upon connection to any Undernet.org IRC Server."
-----Original Message----- From: SecOrg [mailto:sec () FRENZY ORG] Sent: Friday, February 18, 2000 4:51 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Undernet/telnet attempts? I have gotten a number of telnet attempts/scans on my server from undernet IRC hosts. A couple of the hosts were dallas-r.tx.us.undernet.org ProxyScan.MD.US.Undernet.Org As the name implies, I am guessing they are scanning wingates/proxies, etc for security/eggdrop reasons. Does anyone know if they scan all incoming connections for telnet(wingate) ports? And if so, why they would try to connect to it afterwards? Maybe some kind of fingerprinting technique that would find out if it is a open wingate? Thank you, Randy McClelland-Bane @Harborside Technical Support 1-800-680-8855
Current thread:
- Re: Undernet/telnet attempts? Jon Burdge (Feb 21)
- <Possible follow-ups>
- Re: Undernet/telnet attempts? Opus (Feb 22)