RE: Proxy Scans to dial up hosts...

From: Ascent - Compton, Richard (RCompton@ascent-corp.com)
Date: 11/30/01


Message-ID: <537CFA8B9734D311A2330090274EA45B0F307449@exchstl2.bridge.com>
From: "Ascent - Compton, Richard" <RCompton@ascent-corp.com>
To: incidents@securityfocus.com
Subject: RE: Proxy Scans to dial up hosts...
Date: Fri, 30 Nov 2001 16:34:47 -0600


Hi,
There's an article in the newest 2600 mag describing how to do an anonymous
port scan using numerous public proxy servers. Thus avoiding detection by
an IDS (guess it didn't work too well). I bet that this is where the
traffic is coming from.

-Rich

-----Original Message-----
From: Grimes, Shawn (NIA/IRP) [mailto:GrimesSh@grc.nia.nih.gov]
Sent: Friday, November 30, 2001 9:14 AM
To: incidents@securityfocus.com
Subject: Proxy Scans to dail up hosts...

I notice in my snort logs that I have a box:
193.109.122.5 (proxyscan.undernet.org)

That is connecting to some of our dial-up hosts and performing FYN scans on
1080 & 8080 (proxies).

Has anyone else seen similar activity?

Thank You,
Shawn Grimes
Computer Specialist
NCTS - Gerontology Research Center
410-558-8007
grimessh@grc.nia.nih.gov

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
    ... Proxy bypass vulnerability & plain text passwords ... "AMG-2000 is an AP Management Gateway dedicatedly designed for small to ... AMG-2000 uses an internal Squid proxy to restrict access to the wireless LAN ... The administration interface shows the passwords of all locally configured ...
    (Bugtraq)
  • [Full-disclosure] Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
    ... Proxy bypass vulnerability & plain text passwords ... "AMG-2000 is an AP Management Gateway dedicatedly designed for small to ... AMG-2000 uses an internal Squid proxy to restrict access to the wireless LAN ... The administration interface shows the passwords of all locally configured ...
    (Full-Disclosure)
  • Re: Program to monitor employee internet usage
    ... You might want to look at the Squid proxy and the log analyzer Sarg. ... > A member of management has asked me to research available programs to log internet usage on our corporate network. ...
    (Security-Basics)
  • Re: PIX Firewall auditing suggestions please!
    ... Once you start monitoring traffic, one result will be, that the management ... concerning internet traffic apply to them as well as to normal employees. ... A PIX is a packet filter and thus operates mainly on layer 3 ... You should consider including a proxy with user authentification into the ...
    (comp.security.firewalls)
  • Re: SMS 2003: Advanced client Phase 1 Initialization error
    ... If it is a secondary site the advanced clients will only assign to the ... primary site but will retrieve policy through the secondary site or proxy ... > <![LOG[Retrieved Default Management Point from AD: ...
    (microsoft.public.sms.admin)