Security Incidents mailing list archives
continues SCAN Proxy attempt
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Fri, 24 May 2002 22:18:12 +0200 (CEST)
Hi, For over two day I am being probed by a specific IP adres as shown in this small sample: May 24 22:08:04 vigor kernel: Packet log: if-inet DENY ppp0 PROTO=6 209.134.35.55:3904 213.84.18.35:1080 L=48 S=0x00 I=11804 F=0x4000 T=106 SYN (#36) May 24 22:08:04 vigor snort[6198]: [1:615:1] SCAN Proxy attempt [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 209.134.35.55:3904 -> 213.84.18.35:1080 This occured about 1500 times in a periode of 2 days and 4 hours. I have yet not received any response from the owner of the netblock. Anyone else seen any similar activities from this netblock? Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- continues SCAN Proxy attempt Hugo van der Kooij (May 24)
- Re: continues SCAN Proxy attempt Christian Vogel (May 24)
- Re: continues SCAN Proxy attempt Russell Fulton (May 26)