Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Are they back? (was Re: Scans from proxyprotector.com)

From: "Erik V. Olson" <eriko () mvp net>
Date: Sun, 25 May 2003 22:45:49 -0500
On Tuesday 20 May 2003 12:58 pm, Compton, Rich wrote:


Just sent a complaint and here's what I got:

Your email for Abuse () race com has been received.  Please allow us 72
hours for an emailed response.

** PLEASE NOTE

If you are emailing about 64.201.104.2 this customer has been
terminated.


And now, I'm seeing this in the snort summaries....

1       65.106.233.2     SCAN Proxy (8080) attempt
1       65.106.233.2     SCAN SOCKS Proxy attempt
1       65.106.233.2     SCAN Squid Proxy attempt

Two days in a row -- same pattern, same scans, from the same IP. Resolves 
to 65.106.233.2.ptr.us.xo.net, so they're keeping quiet (or running the 
scans from the home dsl line....)

Mail to abuse () xo net on the way.

-- 
Erik V. Olson : eriko () mvp net : http://walden.mvp.net/~eriko

----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: