continues SCAN Proxy attempt
From: Hugo van der Kooij (hvdkooij@vanderkooij.org)Date: 05/24/02
- Previous message: Matt Zimmerman: "Re: odd scans?"
- Next in thread: Christian Vogel: "Re: continues SCAN Proxy attempt"
- Reply: Christian Vogel: "Re: continues SCAN Proxy attempt"
- Reply: Russell Fulton: "Re: continues SCAN Proxy attempt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 May 2002 22:18:12 +0200 (CEST) From: Hugo van der Kooij <hvdkooij@vanderkooij.org> To: "'incidents@securityfocus.com'" <incidents@securityfocus.com>
Hi,
For over two day I am being probed by a specific IP adres as shown in this
small sample:
May 24 22:08:04 vigor kernel: Packet log: if-inet DENY ppp0 PROTO=6
209.134.35.55:3904 213.84.18.35:1080 L=48 S=0x00 I=11804 F=0x4000 T=106
SYN (#36)
May 24 22:08:04 vigor snort[6198]: [1:615:1] SCAN Proxy attempt
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
209.134.35.55:3904 -> 213.84.18.35:1080
This occured about 1500 times in a periode of 2 days and 4 hours.
I have yet not received any response from the owner of the netblock.
Anyone else seen any similar activities from this netblock?
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Matt Zimmerman: "Re: odd scans?"
- Next in thread: Christian Vogel: "Re: continues SCAN Proxy attempt"
- Reply: Christian Vogel: "Re: continues SCAN Proxy attempt"
- Reply: Russell Fulton: "Re: continues SCAN Proxy attempt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
