Security Incidents mailing list archives
RE: Are they back? (was Re: Scans from proxyprotector.com)
From: "Mark Ng" <laptopalias1-mark () informationintelligence net>
Date: Tue, 27 May 2003 10:15:01 +0100
It may or may not be the same people - as someone said before, the most likely reason for these scans is proxies to send spam from. I hardly would imagine that there is only one group of people performing this type of scanning. I see this type of scanning in fairly large numbers, even on my /26 at home - some of my clients' networks are seeing even more. The main reason proxyprotector.com was fairly interesting was because of the volume (they were hitting networks 6 or 7 times in a day, which seems rather pointless), and because of the claimed legitimacy.
And now, I'm seeing this in the snort summaries....

1 65.106.233.2 SCAN Proxy (8080) attempt
1 65.106.233.2 SCAN SOCKS Proxy attempt
1 65.106.233.2 SCAN Squid Proxy attempt

Two days in a row -- same pattern, same scans, from the same IP. Resolves to 65.106.233.2.ptr.us.xo.net, so they're keeping quiet (or running the scans from the home dsl line....)

Mail to abuse () xo net on the way.

Regards,
Mark Ng (www.informationintelligence.net)