Security Incidents mailing list archives

R: correlation between porscans and local activity

From: raist () CTRADE IT (Raistlin)
Date: Tue, 4 Jan 2000 16:26:34 +0100

There now appears to be some coincidence between the times my family
does web browsing and when I get scanned for port 1080.


Someone is probably trying to understand wether or not your is an open SOCKS
firewall they can use. I could bet these scans occur during IRC sessions
from one of your windows boxes (check if in the logs you have outgoing
traffic towards a 666X port).

Scanning IPs on IRC channels to check for open SOCKS it's a rather common
thing hackers-wanna-be love to do, since it leads to huge lists of addresses
they can trade, share and sell to other script kiddies around.

Just my bit of info,
Raist

Current thread:

Re: traceroute ICMP packets, (continued)
- - - Re: traceroute ICMP packets Larry Canup (Jan 18)
  - Re: ICMP time exceed in-transit packets Dave Dittrich (Jan 01)
    - Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
  - Y2K bug in Shadow IDS Patrick Oonk (Jan 02)
  - Port Scan on 371... M. Edward Wilborne III (Jan 02)
    - Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)
    - Re: Port Scan on 371... Christopher Wilson (Jan 02)
    - correlation between porscans and local activity Thomas Molina (Jan 02)
    - Re: correlation between porscans and local activity Sean Sosik-Hamor (Jan 03)
    - ADMROCKS McNab, Chris (Jan 03)
    - R: correlation between porscans and local activity Raistlin (Jan 04)
    - Re: R: correlation between porscans and local activity Michael Babcock (Jan 12)
    - Re: correlation between porscans and local activity R a v e N (Jan 04)