Security Incidents mailing list archives
Re: Proxy Scans to dail up hosts...
From: Dave Mitchell <dave () jnsnet com>
Date: Fri, 30 Nov 2001 15:12:01 -0700
Shawn,

I've seen this on certain IRC servers. They scan to see if you are using "secure" proxy software. I don't know exactly what they have put in the packets to test if your proxy is "secure." Couldn't find anything from undernet in their MOTD, but here's an example below.

<snip from irc.webmaster.com>
/motd
- ATTENTION!:
- Your connection will be scanned on port 1080.
- The scanning does not do anything to your system, it only determines if
- you are using a proxy, and if its insecure. If it's insecure you will not be
- able to connect back to the network using the proxy or wingate
- server you used to first log on. You will have to connect with your own
- internet connection.
</snippet>

-dave

On Fri, Nov 30, 2001 at 10:14:27AM -0500, Grimes, Shawn (NIA/IRP) wrote:
> I notice in my snort logs that I have a box:
> 193.109.122.5 (proxyscan.undernet.org)
> That is connecting to some of our dial-up hosts and performing FYN scans on 1080 & 8080 (proxies). Has anyone else seen similar activity?
>
> Thank You,
> Shawn Grimes
> Computer Specialist
> NCTS - Gerontology Research Center
> 410-558-8007
> grimessh () grc nia nih gov
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Proxy Scans to dail up hosts... Dave Mitchell (Dec 01)