Security Incidents mailing list archives
R: correlation between porscans and local activity
From: raist () CTRADE IT (Raistlin)
Date: Tue, 4 Jan 2000 16:26:34 +0100
There now appears to be some coincidence between the times my family does web browsing and when I get scanned for port 1080.
Someone is probably trying to understand wether or not your is an open SOCKS firewall they can use. I could bet these scans occur during IRC sessions from one of your windows boxes (check if in the logs you have outgoing traffic towards a 666X port). Scanning IPs on IRC channels to check for open SOCKS it's a rather common thing hackers-wanna-be love to do, since it leads to huge lists of addresses they can trade, share and sell to other script kiddies around. Just my bit of info, Raist
Current thread:
- Re: traceroute ICMP packets, (continued)
- Re: traceroute ICMP packets Larry Canup (Jan 18)
- Re: ICMP time exceed in-transit packets Dave Dittrich (Jan 01)
- Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
- Y2K bug in Shadow IDS Patrick Oonk (Jan 02)
- Port Scan on 371... M. Edward Wilborne III (Jan 02)
- Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)
- Re: Port Scan on 371... Christopher Wilson (Jan 02)
- correlation between porscans and local activity Thomas Molina (Jan 02)
- Re: correlation between porscans and local activity Sean Sosik-Hamor (Jan 03)
- ADMROCKS McNab, Chris (Jan 03)
- R: correlation between porscans and local activity Raistlin (Jan 04)
- Re: R: correlation between porscans and local activity Michael Babcock (Jan 12)
- Re: correlation between porscans and local activity R a v e N (Jan 04)