Re: Receiving constant hits from random hosts

From: Bojan Zdrnja (
Date: 07/10/02

Date: Wed, 10 Jul 2002 13:24:19 +0200
To: Adam Young <>,
From: Bojan Zdrnja <>

At 02:42 6.7.2002 -0400, Adam Young wrote:
>Jul 5 18:00:15 element kernel: (catch-all logging):: IN=eth0 OUT= MAC=*
>SRC= DST= LEN=48 TOS=0x00 PREC=0x00 TTL=111
>ID=35583 DF PROTO=TCP SPT=4102 DPT=1080 WINDOW=32767 RES=0x00 SYN URGP=0
>I get this above scan, along with scans on default 1080/3128(or whatever
>squids port is), and all of these are hourly, almost as if someone has
>setup a cron job to scan my system on the hour each hour. Is this
>normal? I've never seen it so prevelant in my system logs, so I figured
>I'd post. Any ideas or comments would be greatly appreciated.

Your IP network is ?
This seems to me like an automated tool for searching live proxy servers.
As you can see later, destination ports on your network go to 8001 and 8080
as well, which are well known proxy ports.
This is probably some tool which tries to find publicly open proxies (there
are several lists on the Internet, just do a search on Google).

Best regards,

Bojan Zdrnja

Relevant Pages

  • Re: 2 pc network - cant see host files from pc 2 on pc 1
    ... Assuming that you have firewall protection via your internet router try ... workgroup because it will be needed for the network to work correctly. ... see if you can access TCP ports 139 and 445 on computer one of which at ... permissions. ...
  • Re: PC Tools Firewall Question
    ... So, it's to be assumed that the two machines that are connected to your router, the LAN or Local Area Network, are never to share resources or network between the two, which are the ports you're blocking below with the PFW. ...
  • Re: Setting up Remote Desktop web connection in winxp mce to work
    ... Its possible her office network admins are blocking the outgoing ports. ... Also check to see your using the correct public IP for your router and make sure the router is configured to disable remote management. ... > anyway to test the remote connection, other than trying to connection> from ...
  • Re: [Full-disclosure] Linux - Indicators of compromise
    ... "Integrity is compromised, service downtime". ... I think Scott you work on network where is has at max 5 Cat 2950s as ... 10 has 2U servers and is each server has 4 network ports. ...
  • Re: How to spoof MAC-address in SuSE Linux?
    ... > that in their contracts and they threatened the customers and stuff. ... ran more then one PC on the network while it was not allowed to do so. ... Here there are several providers that close all ports till 1024 and some ... support you think you are going to get is gone. ...