Security Incidents mailing list archives
Re: R: correlation between porscans and local activity
From: mikebabcock () POBOX COM (Michael Babcock)
Date: Thu, 13 Jan 2000 01:42:23 -0000
Actually, DAL.NET IRC servers (at least) scan connectees for 1080 among other ports to make sure they aren't vulnerable to attack. This type of pro-active scanning is a Good Thing (TM) and should be encouraged IMHO. <FONT COLOR="#222255">> There now appears to be some coincidence between the times my family</FONT> <FONT COLOR="#222255">> does web browsing and when I get scanned for port 1080.</FONT> Someone is probably trying to understand wether or not your is an open SOCKS firewall they can use. I could bet these scans occur during IRC sessions from one of your windows boxes (check if in the logs you have outgoing traffic towards a 666X port). Scanning IPs on IRC channels to check for open SOCKS it's a rather common thing hackers-wanna-be love to do, since it leads to huge lists of addresses they can trade, share and sell to other script kiddies around. Just my bit of info, Raist
Current thread:
- Re: ICMP time exceed in-transit packets, (continued)
- Re: ICMP time exceed in-transit packets Dave Dittrich (Jan 01)
- Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
- Y2K bug in Shadow IDS Patrick Oonk (Jan 02)
- Port Scan on 371... M. Edward Wilborne III (Jan 02)
- Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)
- Re: Port Scan on 371... Christopher Wilson (Jan 02)
- correlation between porscans and local activity Thomas Molina (Jan 02)
- Re: correlation between porscans and local activity Sean Sosik-Hamor (Jan 03)
- ADMROCKS McNab, Chris (Jan 03)
- R: correlation between porscans and local activity Raistlin (Jan 04)
- Re: R: correlation between porscans and local activity Michael Babcock (Jan 12)
- Re: correlation between porscans and local activity R a v e N (Jan 04)
- Re: ICMP time exceed in-transit packets Dave Dittrich (Jan 01)