Security Incidents mailing list archives

RE: Proxy Scans to dial up hosts...

From: "Ascent - Compton, Richard" <RCompton () ascent-corp com>
Date: Fri, 30 Nov 2001 16:34:47 -0600


Hi,
There's an article in the newest 2600 mag describing how to do an anonymous
port scan using numerous public proxy servers.  Thus avoiding detection by
an IDS (guess it didn't work too well).  I bet that this is where the
traffic is coming from.

-Rich


-----Original Message-----
From: Grimes, Shawn (NIA/IRP) [mailto:GrimesSh () grc nia nih gov] 
Sent: Friday, November 30, 2001 9:14 AM
To: incidents () securityfocus com
Subject: Proxy Scans to dail up hosts...

I notice in my snort logs that I have a box:
193.109.122.5 (proxyscan.undernet.org)

That is connecting to some of our dial-up hosts and performing FYN scans on
1080 & 8080 (proxies).  

Has anyone else seen similar activity?

Thank You,
Shawn Grimes
Computer Specialist
NCTS - Gerontology Research Center
410-558-8007
grimessh () grc nia nih gov 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: Proxy Scans to dial up hosts... Bill_Royds (Dec 01)
- <Possible follow-ups>
- RE: Proxy Scans to dial up hosts... Ascent - Compton, Richard (Dec 01)