Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Undernet/telnet attempts?

From: opus () IRCORE COM (Opus)
Date: Mon, 21 Feb 2000 18:41:28 -0600

I have written such a service and basically whatt is done is port 23 is
checked for wingate and a wingate prompt, if one is seen then the client
is immediately removed from the server with a gline.  The other port is
1080 SOCKS and it is checked for a specific hex pattern to determine if it
infact is responding as an open SOCKS proxy, both are considered bad in
the irc community for its ability to allow anyone to use them from the
outside, thus evading bans and glines imposed for various reasons.

Chris Birch (Opus)
IRCore - IRC Service Provider
opus () ircore com

On Fri, 18 Feb 2000, SecOrg wrote:


I have gotten a number of telnet attempts/scans on my server from undernet
IRC hosts. A couple of the hosts were
dallas-r.tx.us.undernet.org
ProxyScan.MD.US.Undernet.Org

As the name implies, I am guessing they are scanning wingates/proxies,
etc for security/eggdrop reasons. Does anyone know if they scan all
incoming connections for telnet(wingate) ports?  And if so, why they would
try to connect to it afterwards? Maybe some kind of fingerprinting
technique that would find out if it is a open wingate?
Thank you,

Randy McClelland-Bane
@Harborside Technical Support
1-800-680-8855
Previous By Date Next
Previous By Thread Next

Current thread: