"Thomas Ribbrock (Design/DEG)" wrote:
> 
> On Fri, Jan 28, 2000 at 01:37:40PM -0500, Steve wrote:
> > Portsentry flagged a scan on port 1080 today. I got the following:
> >
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Jan 28 13:30:19 localhost portsentry[585]: attackalert: Connect from host: 24.64.239.167.ab.wave.home.com/24.64.239.167 to TCP port: 1080
> [...]

The @Home ops scans originate from
        24.0.94.130  [EMAIL PROTECTED]
Anything coming from home.com is from another user machine.

The ops scans were supposedly targeting nntp and the first few days of
heavy scanning from them did target that port.  However, they've moved
on.  They are now scanning port 80, e.g.:
Jan 31 03:02:19 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42800 24.3.xxx.xxx:80 L=44 S=0x00 I=691 F=0x0000 T=245 SYN (#7)
Jan 31 03:02:20 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42800 24.3.xxx.xxx:80 L=40 S=0x00 I=692 F=0x0000 T=245 (#7)
Jan 31 03:02:20 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42830 24.3.xxx.xxx:80 L=44 S=0x00 I=693 F=0x0000 T=245 SYN (#7)
Jan 31 03:02:20 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42830 24.3.xxx.xxx:80 L=40 S=0x00 I=694 F=0x0000 T=245 (#7)

This, along with the nntp scans, is hitting my machine about twice a day.


> > Some one trying to get in or just @home scanning my system?
> [...]
> 
> From what I've seen on the "Incidents" mailing list, it might well be
> @home themselves, scanning for illegal servers/proxies/etc. on their
> networks. port 1080 is a proxy port, AFAIR.
> 
> Cheerio,
> 
> Thomas
> --
>              "Look, Ma, no obsolete quotes and plain text only!"
> 
>      Thomas Ribbrock | http://www.bigfoot.com/~kaytan | ICQ#: 15839919
>    "You have to live on the edge of reality - to make your dreams come true!"
> 
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.

-- 
---------------------------------------------------------------
[EMAIL PROTECTED]
[EMAIL PROTECTED]
        Veteran, Bermuda Triangle Expeditionary Force
                        1986 - 1957
---------------------------------------------------------------
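
An added example, not part of the original message: one way to tally denied TCP connection attempts in ipchains "Packet log" lines like those above and separate the ops scanner address named in the message from every other source. The function names, the 192.0.2.77 entries and the ACCEPT line are constructed for illustration.

```python
import re
from collections import Counter

# Per the message above: the provider's own scanner. Any other source is another host.
OPS_SCANNERS = {"24.0.94.130"}

# ipchains log line: chain, verdict, interface, protocol, src:port, dst:port,
# L=length S=TOS I=IP-id F=frag T=TTL, an optional SYN marker, then (#rule).
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"L=\d+ S=\S+ I=\d+ F=\S+ T=\d+(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

# Constructed sample in the page's log format (destination masked as on the page);
# the 192.0.2.77 lines use a documentation address and are invented.
SAMPLE = """\
Jan 31 03:02:19 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42800 24.3.xxx.xxx:80 L=44 S=0x00 I=691 F=0x0000 T=245 SYN (#7)
Jan 31 03:02:20 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42800 24.3.xxx.xxx:80 L=40 S=0x00 I=692 F=0x0000 T=245 (#7)
Jan 31 03:02:20 maxx kernel: Packet log: input DENY eth0 PROTO=6 24.0.94.130:42830 24.3.xxx.xxx:80 L=44 S=0x00 I=693 F=0x0000 T=245 SYN (#7)
Jan 31 09:14:02 maxx kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.77:3120 24.3.xxx.xxx:1080 L=48 S=0x00 I=5121 F=0x4000 T=112 SYN (#7)
Jan 31 09:14:05 maxx kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.77:3121 24.3.xxx.xxx:22 L=48 S=0x00 I=5130 F=0x4000 T=112 SYN (#3)
""".splitlines()

def denied_syns(lines):
    """Count denied TCP connection attempts per (source, destination port)."""
    hits = Counter()
    for line in lines:
        m = LINE.search(line)
        # Only SYN-marked TCP packets that the firewall denied count as probes.
        if m and m["verdict"] == "DENY" and m["proto"] == "6" and m["syn"]:
            hits[(m["src"], int(m["dport"]))] += 1
    return hits

def classify(hits, ops=OPS_SCANNERS):
    """Split sources into the known ops scanner and everything else."""
    report = {"ops": {}, "other": {}}
    for (src, dport), count in hits.items():
        bucket = "ops" if src in ops else "other"
        report[bucket].setdefault(src, {})[dport] = count
    return report

if __name__ == "__main__":
    for bucket, hosts in classify(denied_syns(SAMPLE)).items():
        for src, ports in hosts.items():
            print(bucket, src, ports)
```
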

