Security Incidents mailing list archives
Re: Undernet/telnet attempts?
From: opus () IRCORE COM (Opus)
Date: Mon, 21 Feb 2000 18:41:28 -0600
I have written such a service and basically whatt is done is port 23 is checked for wingate and a wingate prompt, if one is seen then the client is immediately removed from the server with a gline. The other port is 1080 SOCKS and it is checked for a specific hex pattern to determine if it infact is responding as an open SOCKS proxy, both are considered bad in the irc community for its ability to allow anyone to use them from the outside, thus evading bans and glines imposed for various reasons. Chris Birch (Opus) IRCore - IRC Service Provider opus () ircore com On Fri, 18 Feb 2000, SecOrg wrote:
I have gotten a number of telnet attempts/scans on my server from undernet IRC hosts. A couple of the hosts were dallas-r.tx.us.undernet.org ProxyScan.MD.US.Undernet.Org As the name implies, I am guessing they are scanning wingates/proxies, etc for security/eggdrop reasons. Does anyone know if they scan all incoming connections for telnet(wingate) ports? And if so, why they would try to connect to it afterwards? Maybe some kind of fingerprinting technique that would find out if it is a open wingate? Thank you, Randy McClelland-Bane @Harborside Technical Support 1-800-680-8855
Current thread:
- MASSIVE ssh attack attempt, (continued)
- MASSIVE ssh attack attempt Mark Shirley (Feb 15)
- Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
- Re: MASSIVE ssh attack attempt Jose Nazario (Feb 17)
- Re: MASSIVE ssh attack attempt Brendan Grieve (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Lau (Feb 16)
- Re: MASSIVE ssh attack attempt David A. Bandel (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Lau (Feb 17)
- Re: MASSIVE ssh attack attempt Filip M. Gieszczykiewicz (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Graham (Feb 18)
- Undernet/telnet attempts? SecOrg (Feb 18)
- Re: Undernet/telnet attempts? Opus (Feb 21)
- Re: Undernet/telnet attempts? Jonathan Levy (Feb 21)
- Re: Undernet/telnet attempts? Tibor, Mike (Feb 22)
- Re: Undernet/telnet attempts? Brendan Grieve (Feb 22)
- Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
- MASSIVE ssh attack attempt Mark Shirley (Feb 15)