Security Incidents mailing list archives

Re: Scans from proxyprotector.com

From: "Anthony Papaleo" <papaleo () ameritech net>
Date: Sat, 17 May 2003 10:34:29 -0500

This guy has scanned my system a dozen or so times in the last two days.

He can't be legitimate: If he is supposedly a security professional, he
would not perform scans of this type uninvited.
My BlackIce PF calls this suspicious activity, "...TCP port probes directed
at ports 3128, 8000, and 8080, which may indicate that an attacker is
searching the system for a proxy server."

By the way, he is also showing up looking a for a SOCKS server..."TCP port
probes directed at port 1080, which may indicate that an attacker is
scanning to determine if the system is running SOCKS."

----- Original Message -----
From: "Chris Boyd" <cboyd () gizmopartners com>
To: <incidents () securityfocus com>
Sent: Friday, May 16, 2003 6:31 PM
Subject: Scans from proxyprotector.com

I'm seeing many proxy scans from 64.201.104.2,
for.information.see.proxyprotector.com.  I did not request the scans,
and the link on his page is broken.  All emails to common addresses at
the domain are bouncing user unknown.  Is this dude legit, or just
pretending to be trying to help prevent proxy abuse?

--Chris


--------------------------------------------------------------------------

--

*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown

enterprise WLANs.


To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-incidents
--------------------------------------------------------------------------

--


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

Current thread:

Re: Scans from proxyprotector.com, (continued)
- - Re: Scans from proxyprotector.com George Theall (May 17)
    - RE: Scans from proxyprotector.com Justin Coffi (May 17)
    - Re: Scans from proxyprotector.com Jeff (May 17)
    - Re: Scans from proxyprotector.com Michael Osten (May 19)
    - Re: Scans from proxyprotector.com Charles Blackburn (May 20)
    - Re: Scans from proxyprotector.com Charles Blackburn (May 17)
  - Re: Scans from proxyprotector.com Chris Boyd (May 19)
    - Re: Scans from proxyprotector.com Charles Blackburn (May 20)
  - RE: Scans from proxyprotector.com Shawn Duffy (May 19)
    - RE: Scans from proxyprotector.com Mark Ng (May 19)
- Re: Scans from proxyprotector.com Anthony Papaleo (May 17)
  - Re: Scans from proxyprotector.com Charles Blackburn (May 17)
- Re: Scans from proxyprotector.com Charles Blackburn (May 19)
  - Re: Scans from proxyprotector.com Danny (May 20)
    - Re: Scans from proxyprotector.com Charles Blackburn (May 20)
  - Re: Scans from proxyprotector.com Kurt Seifried (May 20)
- RE: Scans from proxyprotector.com King, Brian (May 20)
- RE: Scans from proxyprotector.com Matthew F. Caldwell (May 20)
- RE: Scans from proxyprotector.com Compton, Rich (May 20)
  - Re: Scans from proxyprotector.com Kurt Seifried (May 21)
    - Re: Scans from proxyprotector.com Erik Fichtner (May 22)

(Thread continues...)