Security Incidents mailing list archives
Re: Happy Familiy- SOCKS, Telnet, and IRC
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Sun, 12 Nov 2000 14:10:55 -0500
On Fri, 10 Nov 2000 16:48:50 PST, Crist Clark <crist.clark () GLOBALSTAR COM> said:
Name: irc.one.net.au
Address: 203.101.17.225

After much toying with logs and tons of AWK and Perl fun, I managed to correlate these attacks with outgoing IRC traffic from one host in our network. The servers being visited have some interesting features as well, but the machine scanning us was never visited. I am waiting to
Several of the IRC networks (DALnet for one) will scan your SOCKS port before allowing you to connect, to make sure that you are in fact you and not somebody using your mis-configured SOCKS port to launder their connection. I suspect they intentionally scan from a server other than the one you connected from, in case your SOCKS is configured to allow connections from a machine you're already talking to...

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
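The correlation discussed in this thread (inbound SOCKS and Telnet probes lining up with a host's outgoing IRC connections, from a machine other than the IRC server), sketched as an added example that is not code from either poster. The log format, the addresses, IRC port 6667, the 60-second window and the assumption that the probe targets the connecting host directly (no NAT) are all choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample firewall log; format and addresses are invented for this example.
SAMPLE_LOG = """\
2000-11-10T16:40:02 OUT 192.0.2.15:1034 -> 203.0.113.10:6667
2000-11-10T16:40:05 IN 198.51.100.7:4021 -> 192.0.2.15:1080
2000-11-10T16:40:06 IN 198.51.100.7:4022 -> 192.0.2.15:23
2000-11-10T17:55:30 IN 198.51.100.99:3310 -> 192.0.2.40:1080
2000-11-10T18:02:11 OUT 192.0.2.15:1050 -> 203.0.113.10:6667
2000-11-10T18:02:13 IN 198.51.100.7:4100 -> 192.0.2.15:1080
"""

LINE = re.compile(r"(\S+) (IN|OUT) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
IRC_PORTS = {6667}            # assumed IRC port
PROBE_PORTS = {1080, 23}      # SOCKS and Telnet, as in the thread subject
WINDOW = timedelta(seconds=60)  # assumed delay between IRC connect and probe

def parse(log):
    """Yield (time, direction, src_ip, dst_ip, dst_port) for each valid line."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            ts, direction, src, _sport, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), direction, src, dst, int(dport)

def classify_probes(log):
    """Attach each inbound probe to a preceding outbound IRC connection, if any."""
    events = list(parse(log))
    irc = [(ts, src, dst) for ts, d, src, dst, dport in events
           if d == "OUT" and dport in IRC_PORTS]
    results = []
    for ts, d, src, dst, dport in events:
        if d != "IN" or dport not in PROBE_PORTS:
            continue
        # The probed host must be the one that just connected to IRC.
        cause = next(((t, server) for t, client, server in irc
                      if client == dst and timedelta(0) <= ts - t <= WINDOW), None)
        results.append({
            "prober": src, "target": dst, "port": dport,
            "irc_server": cause[1] if cause else None,
            # False here matches the thread: the scanner is not the server visited.
            "prober_is_irc_server": bool(cause) and cause[1] == src,
        })
    return results

if __name__ == "__main__":
    for r in classify_probes(SAMPLE_LOG):
        print(r)
```

Probes with `irc_server` set are explained by a local user's IRC session; those left as `None` have no such explanation and still need investigating.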
Current thread:
- Happy Familiy- SOCKS, Telnet, and IRC Crist Clark (Nov 13)
- Re: Happy Familiy- SOCKS, Telnet, and IRC Nicholas Brawn (Nov 13)
- Re: Happy Familiy- SOCKS, Telnet, and IRC Valdis Kletnieks (Nov 13)