Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Anti-Death Penalty

From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Wed, 26 Jan 2000 15:25:00 -0800

FYI:

Recently, we are seeing what appears to be scans by @Home against their own
customers for NTTP and HTTP servers.

I haven't talked to them, but my guess that this has something to do with
the recent USENET Death Penalty that was called against them for the amount
of spam coming through their networks. At the time, their claim was that the
spam was not coming directly from their own servers, but from servers run by
customers. My belief is that they are hunting for open NTTP and HTTP proxies
run by their customers in order to stem this spam.

Note: I believe that running such servers is violation of their service
agreement.

Note: The reverse DNS lookup usually gives ops-scan.home.net

Note: If you are running a personal firewall, what you'd see is a connection
attempt against TCP ports 80 and 119. Apparently, they aren't looking for
anything else at this time (like SOCKS at port 1080, squid at 3128, or
anything else).

Rob.
Previous By Date Next
Previous By Thread Next

Current thread: