Re: Receiving constant hits from random hosts
From: Bojan Zdrnja (bzdrnja@dianne.zesoi.fer.hr)Date: 07/10/02
- Previous message: Manfred BERTL: "Re: Receiving constant hits from random hosts"
- In reply to: Adam Young: "Receiving constant hits from random hosts"
- Next in thread: Jeffrey Denton: "Re: Receiving constant hits from random hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 10 Jul 2002 13:24:19 +0200 To: Adam Young <adam@vbfx.com>, focus-linux@securityfocus.com From: Bojan Zdrnja <bzdrnja@dianne.zesoi.fer.hr>
At 02:42 6.7.2002 -0400, Adam Young wrote:
>---------
>Jul 5 18:00:15 element kernel: (catch-all logging):: IN=eth0 OUT= MAC=*
>SRC=24.127.132.75 DST=24.215.32.42 LEN=48 TOS=0x00 PREC=0x00 TTL=111
>ID=35583 DF PROTO=TCP SPT=4102 DPT=1080 WINDOW=32767 RES=0x00 SYN URGP=0
>
>---------
>
>I get this above scan, along with scans on default 1080/3128(or whatever
>squids port is), and all of these are hourly, almost as if someone has
>setup a cron job to scan my system on the hour each hour. Is this
>normal? I've never seen it so prevelant in my system logs, so I figured
>I'd post. Any ideas or comments would be greatly appreciated.
Your IP network is 24.215.32.0 ?
This seems to me like an automated tool for searching live proxy servers.
As you can see later, destination ports on your network go to 8001 and 8080
as well, which are well known proxy ports.
This is probably some tool which tries to find publicly open proxies (there
are several lists on the Internet, just do a search on Google).
Best regards,
Bojan Zdrnja
- Previous message: Manfred BERTL: "Re: Receiving constant hits from random hosts"
- In reply to: Adam Young: "Receiving constant hits from random hosts"
- Next in thread: Jeffrey Denton: "Re: Receiving constant hits from random hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
