Security Incidents mailing list archives

continues SCAN Proxy attempt

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Fri, 24 May 2002 22:18:12 +0200 (CEST)

Hi,

For over two day I am being probed by a specific IP adres as shown in this 
small sample:

May 24 22:08:04 vigor kernel: Packet log: if-inet DENY ppp0 PROTO=6 
209.134.35.55:3904 213.84.18.35:1080 L=48 S=0x00 I=11804 F=0x4000 T=106 
SYN (#36)  
May 24 22:08:04 vigor snort[6198]: [1:615:1] SCAN Proxy attempt 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
209.134.35.55:3904 -> 213.84.18.35:1080

This occured about 1500 times in a periode of 2 days and 4 hours.

I have yet not received any response from the owner of the netblock.

Anyone else seen any similar activities from this netblock?

Hugo.


-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

continues SCAN Proxy attempt Hugo van der Kooij (May 24)
- Re: continues SCAN Proxy attempt Christian Vogel (May 24)
- Re: continues SCAN Proxy attempt Russell Fulton (May 26)